General

  • Target

    4cceb7f9a7b93b21b2c301b4be788028_JaffaCakes118

  • Size

    235KB

  • Sample

    240516-yskqqsea6x

  • MD5

    4cceb7f9a7b93b21b2c301b4be788028

  • SHA1

    7fc688b26b743169e5a42c5f409c56af70ca15d1

  • SHA256

    a8ca88ae6ae53b08174b28a692e3b305eceda27b0dc22286229786b98baed68b

  • SHA512

    52c812c553eef051532acc947cb50e640354ea59761c60348818ea66395c6d723848884b3308b7ac67b829fb4b137939c9af3f5f09c453b242be2dc6493b20c3

  • SSDEEP

    6144:Ww0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+B2KEwCzRm:l0E3dxtR/iU9mvUPBawCzRm

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated
    URLs (type: exe.dropper)

    http://ta-behesht.ir/images/Provx00a/
    http://tatcogroup.ir/wp-admin/UC/
    http://tcpartner.ru/wp-includes/nr8/
    http://tepcian.utcc.ac.th/wp-admin/SquR/
    http://ourproductreview.in/pokjbg746ihrtr/a1kzwc/

Targets

    • Target

      4cceb7f9a7b93b21b2c301b4be788028_JaffaCakes118

    • Size

      235KB

    • MD5

      4cceb7f9a7b93b21b2c301b4be788028

    • SHA1

      7fc688b26b743169e5a42c5f409c56af70ca15d1

    • SHA256

      a8ca88ae6ae53b08174b28a692e3b305eceda27b0dc22286229786b98baed68b

    • SHA512

      52c812c553eef051532acc947cb50e640354ea59761c60348818ea66395c6d723848884b3308b7ac67b829fb4b137939c9af3f5f09c453b242be2dc6493b20c3

    • SSDEEP

      6144:Ww0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+B2KEwCzRm:l0E3dxtR/iU9mvUPBawCzRm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
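The three behaviours flagged above, together with the dropper URLs from the extracted config, translate directly into host-based detection logic. The following is an added example (not part of the sandbox report or any vendor's rule set) that runs over constructed Sysmon-style events: process creation (event ID 1), network connection (event ID 3) and file creation (event ID 11). The office-parent and script-child lists, the field names and the sample events are assumptions for illustration; only the URL list comes from this page.

```python
"""Added example: detection logic for the three sandbox signatures on this page,
run over constructed Sysmon-style events. Not part of the original report."""
from urllib.parse import urlparse

# Dropper URLs taken from the extracted config above (the only data from the page).
DROPPER_URLS = [
    "http://ta-behesht.ir/images/Provx00a/",
    "http://tatcogroup.ir/wp-admin/UC/",
    "http://tcpartner.ru/wp-includes/nr8/",
    "http://tepcian.utcc.ac.th/wp-admin/SquR/",
    "http://ourproductreview.in/pokjbg746ihrtr/a1kzwc/",
]
DROPPER_HOSTS = {urlparse(u).hostname for u in DROPPER_URLS}

# Assumed parent/child lists for the "unexpected child process" rule; tune per environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path):
    """Lower-cased file name of a Windows path (accepts either separator)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, pid, detail) alerts for a time-ordered list of event dicts.

    id 1 = process create (image, parent_image), id 3 = network connection
    (dest_host), id 11 = file create (target). A pid whose creation matched the
    office -> script rule is 'blocklisted' for the rest of the stream."""
    alerts = []
    flagged = set()
    for ev in events:
        pid = ev["pid"]
        if ev["id"] == 1:
            parent, child = basename(ev["parent_image"]), basename(ev["image"])
            if parent in OFFICE_PARENTS and child in SCRIPT_CHILDREN:
                flagged.add(pid)
                alerts.append(("unexpected_child_process", pid, f"{parent} -> {child}"))
        elif ev["id"] == 3:
            host = ev["dest_host"].lower()
            if host in DROPPER_HOSTS:            # IOC match, regardless of process
                alerts.append(("known_dropper_host", pid, host))
            if pid in flagged:                   # any network use by a flagged process
                alerts.append(("blocklisted_process_network", pid, host))
        elif ev["id"] == 11:
            if pid in flagged and ev["target"].lower().startswith(SYSTEM32):
                alerts.append(("drops_file_in_system32", pid, ev["target"]))
    return alerts


# Constructed sample events (hypothetical pids, paths and hosts; not from the report).
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 3, "pid": 4120, "dest_host": "ta-behesht.ir"},
    {"id": 11, "pid": 4120, "target": r"C:\Windows\System32\dropped.exe"},
    {"id": 1, "pid": 5000, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 3, "pid": 5000, "dest_host": "www.example.com"},
    {"id": 11, "pid": 5000, "target": r"C:\Users\user\AppData\Local\Temp\x.tmp"},
    {"id": 3, "pid": 6000, "dest_host": "tcpartner.ru"},   # unflagged process hitting an IOC
]

if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:30} pid={pid} {detail}")
```

The IOC rule fires on host name alone, so it still catches the fourth and fifth URLs when a different process (pid 6000 here) fetches them; the process-lineage rules catch the same tradecraft after the C2 list rotates, which is why the two are kept separate rather than combined into one condition.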
