General

  • Target

    514d9b9d1e23500a6b2f05234429df6b_JaffaCakes118

  • Size

    159KB

  • Sample

    240517-y2e7lsha3v

  • MD5

    514d9b9d1e23500a6b2f05234429df6b

  • SHA1

    a1710a325de2d48099e900bee34fb709902e3c71

  • SHA256

    59de1190716bb70c977e59d24c6527fd5a765e7abded702239495d195191eae3

  • SHA512

    edf33a56fdd75bd87ba7d4ee7359a510214eb91fead4d72027b3cd344db822512675c1ef8ea1b5a6cce68a3537175bc6f62b7d3bac85193b89a363975284648c

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9HLln2/55e:9rfrzOH98ipgzL055e

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    http://wynn838.com/wp-content/enE/
    https://sertres.com/ivmej/p/
    https://viaje-achina.com/wp-admin/aG/
    https://aszcasino.com/aszdemo/AGA/
    https://bintangremaja.com/wp-content/U/
    https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/
    http://hk.olivellaline.com/gbi1e/2/
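The exe.dropper list above is the most directly actionable part of this report. As an added example (not the sandbox's own code), the Python below turns it into defanged indicators and a host list, then matches constructed proxy-log lines against it; the log format (timestamp, client, method, target, status) and the sample lines are assumptions, and the URLs are copied from the extracted config.

```python
"""Turn the extracted exe.dropper URL list into hunting indicators and
match proxy-log lines against them (added example, not sandbox output)."""
from urllib.parse import urlsplit

# exe.dropper URLs exactly as listed in the extracted config above
EXE_DROPPER_URLS = [
    "http://wynn838.com/wp-content/enE/",
    "https://sertres.com/ivmej/p/",
    "https://viaje-achina.com/wp-admin/aG/",
    "https://aszcasino.com/aszdemo/AGA/",
    "https://bintangremaja.com/wp-content/U/",
    "https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/",
    "http://hk.olivellaline.com/gbi1e/2/",
]


def defang(url: str) -> str:
    """Render a URL so it cannot be clicked or auto-linked in a report."""
    p = urlsplit(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}"


def indicators(urls=EXE_DROPPER_URLS) -> dict:
    """Full URLs for exact matching plus bare hosts for DNS/proxy hunting."""
    return {
        "urls": list(urls),
        "defanged": [defang(u) for u in urls],
        "hosts": sorted({urlsplit(u).netloc.lower() for u in urls}),
    }


def match_proxy_line(line: str, urls=EXE_DROPPER_URLS):
    """Check one proxy-log line (assumed format: ts client method target status).

    Plain HTTP requests carry the full URL, so the path can be compared;
    HTTPS shows up as CONNECT host:port, so only a host-level match is possible.
    """
    fields = line.split()
    if len(fields) < 5:
        return None
    _ts, client, method, target, _status = fields[:5]
    if method == "CONNECT":
        # urlsplit("host:443") would misparse the host as a scheme; split by hand.
        host, path = target.rsplit(":", 1)[0].lower(), None
    else:
        parts = urlsplit(target)
        host, path = parts.netloc.lower(), parts.path
    for u in urls:
        ref = urlsplit(u)
        if host != ref.netloc.lower():
            continue
        level = "url" if path is not None and path.startswith(ref.path) else "host"
        return {"client": client, "host": host, "matched": u, "level": level}
    return None


# Constructed log lines for demonstration; not from the sandbox run.
SAMPLE_LOG = [
    "1715940000.101 10.0.0.12 GET http://wynn838.com/wp-content/enE/ 200",
    "1715940001.221 10.0.0.12 GET http://hk.olivellaline.com/ 200",
    "1715940002.004 10.0.0.13 GET http://example.com/index.html 200",
    "1715940003.550 10.0.0.14 CONNECT sertres.com:443 200",
]


def scan(lines=SAMPLE_LOG, urls=EXE_DROPPER_URLS) -> list:
    """Return every hit from a sequence of log lines, in log order."""
    return [hit for hit in (match_proxy_line(l, urls) for l in lines) if hit]


if __name__ == "__main__":
    for d in indicators()["defanged"]:
        print(d)
    for hit in scan():
        print(hit)
```

A host-level hit on a CONNECT line is weaker evidence than a full-path hit on an HTTP line, since several of these are compromised WordPress sites whose other pages are legitimate; treat "host" matches as leads to pivot on, not as confirmed downloads.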

Targets

    • Target

      514d9b9d1e23500a6b2f05234429df6b_JaffaCakes118

    • Size

      159KB

    • MD5

      514d9b9d1e23500a6b2f05234429df6b

    • SHA1

      a1710a325de2d48099e900bee34fb709902e3c71

    • SHA256

      59de1190716bb70c977e59d24c6527fd5a765e7abded702239495d195191eae3

    • SHA512

      edf33a56fdd75bd87ba7d4ee7359a510214eb91fead4d72027b3cd344db822512675c1ef8ea1b5a6cce68a3537175bc6f62b7d3bac85193b89a363975284648c

    • SSDEEP

      1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9HLln2/55e:9rfrzOH98ipgzL055e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or a malicious macro: a process that has no business launching an interpreter or script host did so.

    • Blocklisted process makes network request

      The unexpected child itself reached out to the network, consistent with the exe.dropper URLs in the extracted config.

    • Drops file in System32 directory

      The sample wrote into %SystemRoot%\System32, which requires elevated rights and is a common place to park a dropped executable.
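The three signatures above form one chain: a parent launches a script host it should not, that child fetches the next stage, and it writes into System32. As an added example (not the sandbox's own rules), the Python below applies that chain to constructed Sysmon-like events, correlating on ProcessId so the network and file-drop signatures only fire for a child that already tripped the first rule; the parent and script-host lists, the event layout, and every PID, path and file name in the sample are assumptions.

```python
"""Apply the three behavioural signatures from this report to a stream of
Sysmon-like events (added example, not the sandbox's own detection code)."""
from pathlib import PureWindowsPath

# Assumed lists: document-handling parents that should not launch script hosts.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")

SIG_CHILD = "Process spawned unexpected child process"
SIG_NET = "Blocklisted process makes network request"
SIG_DROP = "Drops file in System32 directory"


def image_name(path: str) -> str:
    """Lower-cased executable name from a full image path."""
    return PureWindowsPath(path).name.lower()


def under_system32(path: str) -> bool:
    # PureWindowsPath compares case-insensitively, so C:\WINDOWS\system32 also matches.
    return SYSTEM32 in PureWindowsPath(path).parents


def evaluate(events) -> list:
    """Return (event_index, signature) pairs in event order.

    Only a process flagged by the first rule is a 'blocklisted' process for the
    later two; in production correlate on ProcessGuid rather than a reusable PID.
    """
    suspects = set()
    alerts = []
    for i, ev in enumerate(events):
        kind = ev["event"]
        if kind == "ProcessCreate":
            if (image_name(ev["ParentImage"]) in OFFICE_PARENTS
                    and image_name(ev["Image"]) in SCRIPT_HOSTS):
                suspects.add(ev["ProcessId"])
                alerts.append((i, SIG_CHILD))
        elif kind == "NetworkConnect" and ev["ProcessId"] in suspects:
            alerts.append((i, SIG_NET))
        elif (kind == "FileCreate" and ev["ProcessId"] in suspects
                and under_system32(ev["TargetFilename"])):
            alerts.append((i, SIG_DROP))
    return alerts


# Constructed events for demonstration; PIDs, paths and the dropped file name are invented.
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "ProcessId": 4120,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": POWERSHELL},
    {"event": "NetworkConnect", "ProcessId": 4120, "Image": POWERSHELL,
     "DestinationHostname": "wynn838.com", "DestinationPort": 80},
    {"event": "FileCreate", "ProcessId": 4120, "Image": POWERSHELL,
     "TargetFilename": r"C:\WINDOWS\system32\dropped.tmp"},
    # Benign activity that must not fire any of the three rules.
    {"event": "ProcessCreate", "ProcessId": 5000,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"event": "NetworkConnect", "ProcessId": 6000,
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
    {"event": "FileCreate", "ProcessId": 700,
     "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
]

if __name__ == "__main__":
    for idx, sig in evaluate(SAMPLE_EVENTS):
        print(f"event {idx}: {sig}")
```

The sandbox reports each signature independently; tying the second and third to the first cuts the noise a standalone "wrote to System32" rule would generate from servicing and installer activity, which is why the TrustedInstaller event above stays silent.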

MITRE ATT&CK Enterprise v15

Tasks