General

  • Target

    661b7383fa30bbeac86930d7da605f53_JaffaCakes118

  • Size

    275KB

  • Sample

    240522-ftw62sch46

  • MD5

    661b7383fa30bbeac86930d7da605f53

  • SHA1

    310583f9593ba37081ca251b9651c9a93b20ce53

  • SHA256

    59dc830b757405ad4ef615e6aa82138d705457003e19f7eef93835522be7f6e4

  • SHA512

    31889e66b759e701c3a0996efebda4909237e8b463157bc55bda16b1cf6eb76cdb84768d7828b7aafbd81ecb003b0f2c69971d778cba51438538dc87a2ad09e4

  • SSDEEP

    3072:efKBveCIcLUoKgdzSrGAKyIwLx3ZhGCLEdY9393QI63Uyz/hgdL+Z1mIIqHbMv+8:pBveCIcLUoKUzSbnLx3SjYPfN+DmMIm

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://erakonlaw.com/wp-content/QimayJuMY/

exe.dropper

http://careerplussatna.com/wp-admin/YnKccnhZK/

exe.dropper

http://rameshzawar.com/3ljj6/wQstveMAGm/

exe.dropper

http://planetlancer.com/h8rge/kim66_aeqna80-2085/

exe.dropper

http://pradopro.ru/wp-content/abpiVEof/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
