General

  • Target

    47b5bcd993d01ef57bf1656b91011da4_JaffaCakes118

  • Size

    170KB

  • Sample

    240515-ycq8ksgg63

  • MD5

    47b5bcd993d01ef57bf1656b91011da4

  • SHA1

    3cc166aa1812f2edb1c27a2a44a94b919045a012

  • SHA256

    1c3544c3d12411b68e3260fa40e9dc0826c344c9a131928a04c7f8f517166645

  • SHA512

    1a8216b994afbef58bbe535ce54ca2e3b0bb7aebcd4a9a5a5ff3a1c97d857591c58da3185f425606431c85bffde0583b152227f085cda925f717da458ab288c5

  • SSDEEP

    1536:AGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP340Vzy7dUWqHe43d9T96aEH5ig:yrfrzOH98ipgXPLQbq/v

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://geevida.com/wp-admin/DhWo/
    http://elrofanfoods.com/wp-admin/qc/
    https://volcanict.com/wp-admin/LfWFF/
    http://xmjadever.com/wp-admin/FTOXI/
    https://gbmcleaning.com/1/Gdk5eqv/
    https://kingchuen.com/cgi-bin/KQ/
    https://billc46.com/uf65/H4/

Targets

    • Target

      47b5bcd993d01ef57bf1656b91011da4_JaffaCakes118

    • Size

      170KB

    • MD5

      47b5bcd993d01ef57bf1656b91011da4

    • SHA1

      3cc166aa1812f2edb1c27a2a44a94b919045a012

    • SHA256

      1c3544c3d12411b68e3260fa40e9dc0826c344c9a131928a04c7f8f517166645

    • SHA512

      1a8216b994afbef58bbe535ce54ca2e3b0bb7aebcd4a9a5a5ff3a1c97d857591c58da3185f425606431c85bffde0583b152227f085cda925f717da458ab288c5

    • SSDEEP

      1536:AGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP340Vzy7dUWqHe43d9T96aEH5ig:yrfrzOH98ipgXPLQbq/v

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
