General

  • Target

    65d60169a351ce777443aa9f0fa8ce72_JaffaCakes118

  • Size

    190KB

  • Sample

    240522-dwxt9aag2t

  • MD5

    65d60169a351ce777443aa9f0fa8ce72

  • SHA1

    cbeaea5293d77f823c5478fedeb5a70c9428968b

  • SHA256

    cff9351648921be3f6e19a7317b31617a8d393d233266074f9cc1cc3deadcc0d

  • SHA512

    5e75eaa6f23ba13ae7515e4fb6edb31a81204f407f6065d86abae7a63aa584bd63d311f9c6107997c5f2e9e3af86a9ef27a1cc327dfd53767ce41bbe7f0f9f95

  • SSDEEP

    3072:aKucxBm+kz6eRsA+SVXx1n0FfZ3+6icx1A3W2U1LiMvY49Fyt0N4HU9/j6v14kQ1:gQBm+kz6grRxMZ38cx1A3W2U1LiMvY4V

Score
10/10

Malware Config

  • Extracted

    Language: ps1

  • Deobfuscated URLs (exe.dropper)

    http://fivestarcleanerstx.com/wp-content/mu-plugins/2CLid868/

    https://bhandaraexpress.com/wp-includes/0Iw2jW2/

    http://crm.shaayanpharma.com/application/ffltO/

    http://zazabajouk.com/cf9r4nd/Xsma350581/

    https://e2e-solution.com/sandbox/Sv2880/

Targets

    • Target

      65d60169a351ce777443aa9f0fa8ce72_JaffaCakes118

    • Size

      190KB

    • MD5

      65d60169a351ce777443aa9f0fa8ce72

    • SHA1

      cbeaea5293d77f823c5478fedeb5a70c9428968b

    • SHA256

      cff9351648921be3f6e19a7317b31617a8d393d233266074f9cc1cc3deadcc0d

    • SHA512

      5e75eaa6f23ba13ae7515e4fb6edb31a81204f407f6065d86abae7a63aa584bd63d311f9c6107997c5f2e9e3af86a9ef27a1cc327dfd53767ce41bbe7f0f9f95

    • SSDEEP

      3072:aKucxBm+kz6eRsA+SVXx1n0FfZ3+6icx1A3W2U1LiMvY49Fyt0N4HU9/j6v14kQ1:gQBm+kz6grRxMZ38cx1A3W2U1LiMvY4V

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks