General

  • Target

    4c3048ca7ac33343bed1b143f5fe68cd_JaffaCakes118

  • Size

    149KB

  • Sample

    240516-vtzphafb3z

  • MD5

    4c3048ca7ac33343bed1b143f5fe68cd

  • SHA1

    6940a60ac87b700c11764c4d1bacd1aa91c06360

  • SHA256

    965d36b92a4dd5e5a95f80b3dafb1a46b066473ede1402accd12971705067fc1

  • SHA512

    2fc07cb91992e218d9fcd7b75b92d3444349dd90d6f37159627d8be9319ea2a68b65f667192b69f70400c8e32f04ea5f4ac3245a4a5c8cd228b045684fd58486

  • SSDEEP

    3072:cHzxfmNGf4Y1Kol0U3GaMEfffffffffJ9HJd4NtgIqSc:cHtfmNGfHKouHEfffffffffbpSNtgIHc

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
