General

  • Target

    6543c25fb6d40bd6c96501081586df71_JaffaCakes118

  • Size

    155KB

  • Sample

    240521-3yqldseb92

  • MD5

    6543c25fb6d40bd6c96501081586df71

  • SHA1

    34e93e41c8a325264cb68d3655cf3622ba78ce13

  • SHA256

    202e67f5278001d2497ccc4e4373ed5ead47be61e4df1b98b05edf9e88b4abcb

  • SHA512

    029e4bc551dc31afc63a9dbf0431ad1cd155735823ffb1b6d502922aad1fa4297bf5df32202be66adc4422dc01b10f89f60ce60aac366b0e1bec267b36e901a6

  • SSDEEP

    1536:uA903A90nrdi1Ir77zOH98Wj2gpngB+a90G38o8kwPniDKT+0AIdq8xwUr:urfrzOH98ipgoQ8jBniDK7FdBxwUr

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    http://mendozagroup.ca/wp-includes/qqiB/
    http://aeropilates.cl/wp-content/VAjqCR9q/
    https://bondart.eu/docs/hk8GK/
    http://axz.pt/wp-snapshots/Kiw/
    http://wa3idoun.com/ay8yjk/774x/
    http://karachiupdates.com/277p/EBYnXXE/
    http://injazjordan.com/moodle/NWgrYEp0/

Targets

    • Target

      6543c25fb6d40bd6c96501081586df71_JaffaCakes118

    • Size

      155KB

    • MD5

      6543c25fb6d40bd6c96501081586df71

    • SHA1

      34e93e41c8a325264cb68d3655cf3622ba78ce13

    • SHA256

      202e67f5278001d2497ccc4e4373ed5ead47be61e4df1b98b05edf9e88b4abcb

    • SHA512

      029e4bc551dc31afc63a9dbf0431ad1cd155735823ffb1b6d502922aad1fa4297bf5df32202be66adc4422dc01b10f89f60ce60aac366b0e1bec267b36e901a6

    • SSDEEP

      1536:uA903A90nrdi1Ir77zOH98Wj2gpngB+a90G38o8kwPniDKT+0AIdq8xwUr:urfrzOH98ipgoQ8jBniDK7FdBxwUr

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks