General

  • Target

    63ee7ee96befda7b53120dec6eedebda_JaffaCakes118

  • Size

    171KB

  • Sample

    240521-trnzjsbe26

  • MD5

    63ee7ee96befda7b53120dec6eedebda

  • SHA1

    74fb7857534a58a77cf055b34ce874abbe7d1000

  • SHA256

    595bf8c58b9b6b8f46cff1c7181c105f966687b3fec845525ed2594169014a76

  • SHA512

    0d1fd28b93f942996d7bd2f807f96f09e2b07b978424061f2b7d2268fb73a6d1e4e79dc1a937d2faabc613803bf8f146fe912e1ff4c613d11068dec604273358

  • SSDEEP

    3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7EcZaBp:Hs9ufsfgIf0pLgcZKp

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://coffeecons.com/joomla30/LU7/

    http://www.noramua.com/wp-content/Eb/

    http://chakteholistico.com/wp-includes/7c/

    https://zeitraisen.com/wordpress/GoG/

    http://gosmart-online.com/wp-includes/9/

    https://www.campuscamarafp.com/wp-admin/uEx/

    http://eastafricarefugeerelief.com/aopaf/public/GiFSUetbCLK/C/

Targets

    • Target

      63ee7ee96befda7b53120dec6eedebda_JaffaCakes118

    • Size

      171KB

    • MD5

      63ee7ee96befda7b53120dec6eedebda

    • SHA1

      74fb7857534a58a77cf055b34ce874abbe7d1000

    • SHA256

      595bf8c58b9b6b8f46cff1c7181c105f966687b3fec845525ed2594169014a76

    • SHA512

      0d1fd28b93f942996d7bd2f807f96f09e2b07b978424061f2b7d2268fb73a6d1e4e79dc1a937d2faabc613803bf8f146fe912e1ff4c613d11068dec604273358

    • SSDEEP

      3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7EcZaBp:Hs9ufsfgIf0pLgcZKp

    Score
    10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
