General

  • Target

    41b3a02254d5c22ff8522f42227c2106_JaffaCakes118

  • Size

    191KB

  • Sample

    240514-qznrzahg22

  • MD5

    41b3a02254d5c22ff8522f42227c2106

  • SHA1

    f4c18f2259be247fb039577d9c26dd65c12d5b84

  • SHA256

    ccb79dda93025e923e331ed559dede37b9d588886ae7a227fddd3c5e439672ae

  • SHA512

    c48ad20722a43c3d32ee90132ac19aaa087457628c56a44ae31a346dbdaf1568e3fe8753befe9dd2e7ad10a8fe15d4de616ec28ead66bda47f86148bc631393f

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a93k1q9Dba/qrHEs+nPyNdOx7jed:+rfrzOH98ipgtva/qTX+nPyLOBad

Score
10/10

Malware Config

Extracted

Language
    ps1

Source
    exe.dropper (every URL below is labelled exe.dropper in the extracted config)

URLs
    http://zplusshopping.com/wp-content/plugins/8ek/
    https://www.cupgel.com/__MACOSX/3/
    http://freespiritmind.com/MASD/HowTo/css/J/
    http://crewnecksusa.com/wp-content/NJ/
    http://www.dougsuniverse.com/pics/yL8/
    https://idilsoft.com/admin/B/
    https://guhaasmart.com/wp-content/s/

Targets

    • Target

      41b3a02254d5c22ff8522f42227c2106_JaffaCakes118

    • Size

      191KB

    • MD5

      41b3a02254d5c22ff8522f42227c2106

    • SHA1

      f4c18f2259be247fb039577d9c26dd65c12d5b84

    • SHA256

      ccb79dda93025e923e331ed559dede37b9d588886ae7a227fddd3c5e439672ae

    • SHA512

      c48ad20722a43c3d32ee90132ac19aaa087457628c56a44ae31a346dbdaf1568e3fe8753befe9dd2e7ad10a8fe15d4de616ec28ead66bda47f86148bc631393f

    • SSDEEP

      1536:+rdi1Ir77zOH98Wj2gpng9+a93k1q9Dba/qrHEs+nPyNdOx7jed:+rfrzOH98ipgtva/qTX+nPyLOBad

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
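The three behaviour signatures above, together with the dropper URL list in the extracted config, can be turned into a small detection pass over endpoint telemetry. The block below is an added example and is not part of the sandbox report or its signature set: the Sysmon-style event layout, the process name sets, the System32 path prefix and every sample event are assumptions constructed for this example; only the DROPPER_URLS list is taken from the report.

```python
# Added example, not part of the sandbox report: turn the report's extracted
# dropper URL list and its three behaviour signatures into detection checks
# that run over constructed, Sysmon-style telemetry.  The event layout, the
# process name sets and every sample event below are assumptions for this
# example; only DROPPER_URLS comes from the report.
from urllib.parse import urlparse

DROPPER_URLS = [
    "http://zplusshopping.com/wp-content/plugins/8ek/",
    "https://www.cupgel.com/__MACOSX/3/",
    "http://freespiritmind.com/MASD/HowTo/css/J/",
    "http://crewnecksusa.com/wp-content/NJ/",
    "http://www.dougsuniverse.com/pics/yL8/",
    "https://idilsoft.com/admin/B/",
    "https://guhaasmart.com/wp-content/s/",
]

# Assumed name sets: Office parents that should not spawn a script host, the
# script hosts a macro dropper typically launches, and the interpreters we
# treat as blocklisted for outbound network activity.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BLOCKLISTED_NETWORK = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def dropper_hosts(urls):
    """Hostnames to watch for, taken from the extracted exe.dropper URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# Constructed telemetry (not captured data).  Each dict mimics one Sysmon
# event: id 1 = process create, 3 = network connect, 11 = file create.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4100, "image": WINWORD, "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 4212, "image": POWERSHELL, "parent_image": WINWORD,
     "cmdline": "powershell -w hidden -enc ..."},  # constructed, truncated
    {"id": 3, "pid": 4212, "image": POWERSHELL, "dest_host": "www.cupgel.com", "dest_port": 443},
    {"id": 11, "pid": 4212, "image": POWERSHELL, "target": r"C:\Windows\System32\Bcpyz.exe"},
    {"id": 3, "pid": 4100, "image": WINWORD, "dest_host": "officecdn.microsoft.com", "dest_port": 443},
    {"id": 1, "pid": 5000, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def detect(events, urls):
    """Return (signature, pid, detail) tuples in event order.

    Mirrors the report's signatures (unexpected child of an Office process,
    blocklisted process making a network request, file dropped in System32)
    and adds a hit for contacting one of the extracted dropper hosts."""
    hosts = dropper_hosts(urls)
    findings = []
    for e in events:
        image = basename(e["image"])
        if e["id"] == 1:
            parent = basename(e["parent_image"])
            if parent in OFFICE_PARENTS and image in SCRIPT_CHILDREN:
                findings.append(("unexpected_child_process", e["pid"], f"{parent} -> {image}"))
        elif e["id"] == 3:
            host = e["dest_host"].lower()
            if image in BLOCKLISTED_NETWORK:
                findings.append(("blocklisted_process_network", e["pid"], host))
            if host in hosts:
                findings.append(("dropper_url_host_contacted", e["pid"], host))
        elif e["id"] == 11:
            if e["target"].lower().startswith(SYSTEM32):
                findings.append(("drops_file_in_system32", e["pid"], e["target"]))
    return findings


def pids_matching_all(findings, required):
    """PIDs that triggered every signature in `required`.  One Office-spawned
    script host that also went to the network and wrote into System32 is far
    stronger evidence than any single hit on its own."""
    by_pid = {}
    for sig, pid, _ in findings:
        by_pid.setdefault(pid, set()).add(sig)
    return sorted(pid for pid, sigs in by_pid.items() if required <= sigs)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS, DROPPER_URLS)
    for sig, pid, detail in found:
        print(f"{sig:30} pid={pid} {detail}")
    chain = {"unexpected_child_process", "blocklisted_process_network", "drops_file_in_system32"}
    print("full chain:", pids_matching_all(found, chain))
```

The per-event checks are deliberately kept independent so that each maps to one signature in the report; the correlation in pids_matching_all is where the score comes from in practice, because a single blocklisted network request from powershell.exe is common on admin hosts, while the same PID being spawned by WINWORD.EXE and then writing an executable into System32 is not.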

MITRE ATT&CK Enterprise v15
