General

  • Target

    618ab1b469f733d3f9c0d84be61cb5cb_JaffaCakes118

  • Size

    199KB

  • Sample

    240521-beftasdd9t

  • MD5

    618ab1b469f733d3f9c0d84be61cb5cb

  • SHA1

    1f63ecf64aca42901843be4e6ecd56625fb7e61e

  • SHA256

    b55e9ccda8c1679a515a23ca45f4b44c65d4fe1b0cd358f791318479f265052e

  • SHA512

    fd826ff6729f18604df5505c997323e6e35a2243a25ab8f8736d1759705dc6a1b211f92c3a88b8ce9f5035d9c5e266349fb1a1ec58248e6585fdaeb241402da6

  • SSDEEP

    3072:Vqg22TWTogk079THcpOu5UZnpfRvAKpDRJ:d/TX07hHcJQN1J

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper  http://ora-ks.com/system/cache/MF1h/

    exe.dropper  http://megasolucoesti.com/R9KDq0O8w/s3/

    exe.dropper  http://buyparrotsaustralia.com/4318z/q/

    exe.dropper  https://dubai-homes.ae/wp-admin/4v/

    exe.dropper  http://adventureitdate.com/wp-admin/7/

    exe.dropper  http://blog.zunapro.com/wp-admin/GoSV/

    exe.dropper  https://fepami.com/wp-includes/h/

Targets

    • Target

      618ab1b469f733d3f9c0d84be61cb5cb_JaffaCakes118

    Score
    10/10
    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes, which usually indicates a failed attempt to compromise the parent process.

    • Drops file in System32 directory
