General

  • Target

    66522b920389fcb6d7ddf8808ba0a8ac_JaffaCakes118

  • Size

    173KB

  • Sample

    240522-g92l5sfb5v

  • MD5

    66522b920389fcb6d7ddf8808ba0a8ac

  • SHA1

    f6dfa3ecc41e60d3672a66ea98e15ffb40ffbe64

  • SHA256

    6c15840ece51c9fef3afe93b089baaeb15b75128797ebd2bed4e8bd1f8c091a6

  • SHA512

    410dffc84077ba97781cff7de5418faa0c42825e9b3f606932af70a88afbcfc24f8e3ba13b8e43df7c4488e3d572ae1074893d88bc9161a194e8bbb5de6f7e5a

  • SSDEEP

    3072:g77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qxTkKJLHwVEjx5g8:g77HUUUUUUUUUUUUUUUUUUUT52VWTkKN

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://140.143.246.120/wp-content/5N_E/

    http://colegiodavinci.pe/wp-content/Q4_J/

    http://123.207.82.20/wp-includes/d_A/

    http://165.227.44.216/6bukewf/4_5/

    http://123.207.52.98/wp-content/O3_1/

Targets

    • Target

      66522b920389fcb6d7ddf8808ba0a8ac_JaffaCakes118

    • Size

      173KB

    • MD5

      66522b920389fcb6d7ddf8808ba0a8ac

    • SHA1

      f6dfa3ecc41e60d3672a66ea98e15ffb40ffbe64

    • SHA256

      6c15840ece51c9fef3afe93b089baaeb15b75128797ebd2bed4e8bd1f8c091a6

    • SHA512

      410dffc84077ba97781cff7de5418faa0c42825e9b3f606932af70a88afbcfc24f8e3ba13b8e43df7c4488e3d572ae1074893d88bc9161a194e8bbb5de6f7e5a

    • SSDEEP

      3072:g77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qxTkKJLHwVEjx5g8:g77HUUUUUUUUUUUUUUUUUUUT52VWTkKN

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks