General

  • Target: 4b290e4a9c72a8ccb01a945a516d06e8_JaffaCakes118
  • Size: 134KB
  • Sample: 240516-p3nqpsea37
  • MD5: 4b290e4a9c72a8ccb01a945a516d06e8
  • SHA1: 459ec7d526faf4138ee50a0899c8f385e9df037c
  • SHA256: d07bbf9636c223b83dfe333c0428b41b909c19321e5f208bb805a2869cb358d5
  • SHA512: 17d3bd4060dd8b5f1b57f9cf03741cdfb443e8226cdfbffff32059d3ae8c74a6556ed20658776fc2aef6df8eece7fab1334e7bfeafc1bea0d0579fb65b0ada09
  • SSDEEP: 3072:FkGBPFJjA948rgSPj/5hyxXO+FMv3V1BUo62Yzs3oFAYxPxTqf7p1ftmZS:FkGBPFJjA94Vkj+xh+vTCoAs3oRPxTqc

Score: 10/10

Malware Config

  • Extracted: yes
  • Language: ps1
  • Deobfuscated URLs (type exe.dropper): 5 dropper URLs

Targets

    • Target: 4b290e4a9c72a8ccb01a945a516d06e8_JaffaCakes118 (134KB; hashes as listed under General)

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
