General

  • Target

    6854081d8e5a2906adc164b0ac4e66b2_JaffaCakes118

  • Size

    199KB

  • Sample

    240522-xzdekadc8y

  • MD5

    6854081d8e5a2906adc164b0ac4e66b2

  • SHA1

    a9dce19329395c40558b14ea98679bd3c3528b88

  • SHA256

    e9eff908cfb2fea5ff6ba4cdec1d8b6308d5fbe0ed82f4bf786cecb37f9eb655

  • SHA512

    c3d5c651efeec335271a22dc555fd74212c6dde504191a627c6ece5e0d3eb3552f8720d9843b38bc2b0459eac18adaa368a98f946eecc2e2d7df1d3c4381c584

  • SSDEEP

    3072:Vqg22TWTogk079THcpOu5UZ3pfRvAKprR5:d/TX07hHcJQ9d5

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper  http://ora-ks.com/system/cache/MF1h/
    exe.dropper  http://megasolucoesti.com/R9KDq0O8w/s3/
    exe.dropper  http://buyparrotsaustralia.com/4318z/q/
    exe.dropper  https://dubai-homes.ae/wp-admin/4v/
    exe.dropper  http://adventureitdate.com/wp-admin/7/
    exe.dropper  http://blog.zunapro.com/wp-admin/GoSV/
    exe.dropper  https://fepami.com/wp-includes/h/
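
The extracted config is the part of this report an analyst actually consumes: a PowerShell (ps1) stage that walks a list of download URLs until one serves the executable. The following is an added example, not code from the sandbox or from the sample, showing how to turn that block into usable indicators: pull the URLs out, defang them for tickets, derive a host block list, and check a proxy log for contact with any of the hosts while distinguishing an exact dropper URL from mere traffic to the same (often legitimate, compromised) site. The seven URLs are the ones listed above; the proxy log lines and client addresses are constructed for the example.

```python
"""Turn the extracted exe.dropper config into IOCs and match them against a proxy log.
Added example for this report, not code from the sandbox or the sample. The seven URLs
are the ones listed under "Extracted"; the proxy log lines below are constructed."""
import re
from urllib.parse import urlparse

# The "Extracted" block of the report as it appears on the page (only the URLs matter here).
EXTRACTED_CONFIG = """\
Language
ps1
Source
URLs
exe.dropper
http://ora-ks.com/system/cache/MF1h/
exe.dropper
http://megasolucoesti.com/R9KDq0O8w/s3/
exe.dropper
http://buyparrotsaustralia.com/4318z/q/
exe.dropper
https://dubai-homes.ae/wp-admin/4v/
exe.dropper
http://adventureitdate.com/wp-admin/7/
exe.dropper
http://blog.zunapro.com/wp-admin/GoSV/
exe.dropper
https://fepami.com/wp-includes/h/
"""

URL_RE = re.compile(r"https?://\S+")


def parse_dropper_urls(config_text: str) -> list[str]:
    """Every http(s) URL in the extracted config, in the order the dropper would try them."""
    return URL_RE.findall(config_text)


def defang(url: str) -> str:
    """Make a URL safe to paste into tickets and chat: hxxp scheme, bracketed dots."""
    return url.replace("https://", "hxxps://").replace("http://", "hxxp://").replace(".", "[.]")


def ioc_hosts(urls: list[str]) -> set[str]:
    """Lower-cased hostnames, for a DNS/proxy block list (coarser than the exact path)."""
    return {urlparse(u).hostname.lower() for u in urls}


# Constructed proxy log (Squid-style native format, trimmed): epoch, client, method, URL, status.
# These lines are made up for the example; they are not from the report.
PROXY_LOG = """\
1716400001.123 10.0.0.15 GET http://ora-ks.com/system/cache/MF1h/ 200
1716400002.456 10.0.0.15 GET http://www.microsoft.com/ 200
1716400003.789 10.0.0.22 GET https://dubai-homes.ae/wp-admin/4v/ 404
1716400004.012 10.0.0.22 GET http://ora-ks.com/ 200
"""


def match_proxy_log(log_text: str, urls: list[str]) -> list[tuple[str, str, str]]:
    """Return (client, defanged URL, confidence) for every request to an IOC host.

    "exact-url" means the request matched a dropper URL verbatim (the host was serving the
    payload path); "host-only" means the same host but another path, which on a compromised
    legitimate site (note the wp-admin / wp-includes paths above) may be ordinary traffic."""
    hosts = ioc_hosts(urls)
    exact = set(urls)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        host = (urlparse(url).hostname or "").lower()
        if host in hosts:
            hits.append((client, defang(url), "exact-url" if url in exact else "host-only"))
    return hits


if __name__ == "__main__":
    urls = parse_dropper_urls(EXTRACTED_CONFIG)
    for u in urls:
        print(defang(u))
    for hit in match_proxy_log(PROXY_LOG, urls):
        print(hit)
```

Matching on hostname rather than the full path is deliberate: the dropper URLs live under paths on what look like compromised WordPress installs, and the operators rotate paths faster than hosts, so a host-level hit is still worth a look even when the path differs. The confidence label lets the triage queue sort exact payload fetches ahead of host-only matches.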

Targets

    • Target

      6854081d8e5a2906adc164b0ac4e66b2_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
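
The three signatures above are behaviours an endpoint sensor can see, and they matter most when the same process trips all of them. The following is an added example, not the sandbox's own rules and not a record of what this sample did: it runs simplified versions of the three rules over constructed Sysmon-style events (IDs 1, 3 and 11) and correlates the hits by process ID. The Office parent list and the network block list are assumptions, since the report does not name the parent or child processes; the paths, PIDs, dropped file name and the 203.0.113.x addresses (TEST-NET-3) are invented for the example.

```python
"""Simplified detections for the three signatures in the report, run over constructed
Sysmon-style events. Added example; not the sandbox's rules and not the sample's behaviour.
Every event below is made up (PIDs, paths, 203.0.113.x addresses from TEST-NET-3)."""

# Assumption: the "unexpected child" rule is scoped to Office parents, the usual macro case.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: interpreters and LOLBins that should not normally initiate outbound connections.
NETWORK_BLOCKLIST = {"powershell.exe", "mshta.exe", "regsvr32.exe", "certutil.exe", "wscript.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events. Field names follow Sysmon IDs 1 (process create), 3 (network
# connection) and 11 (file create); the values are invented.
EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": WINWORD,
     "ParentProcessId": 3344, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 5212, "Image": POWERSHELL,
     "ParentProcessId": 4120, "ParentImage": WINWORD},
    {"EventID": 3, "ProcessId": 5212, "Image": POWERSHELL,
     "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"EventID": 11, "ProcessId": 5212, "Image": POWERSHELL,
     "TargetFilename": r"C:\Windows\System32\example_payload.exe"},
    # Benign noise: cmd from explorer, a browser talking out, Word writing its own temp file.
    {"EventID": 1, "ProcessId": 6000, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessId": 3344, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessId": 7001, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.20", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 4120, "Image": WINWORD,
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\~WRD0001.tmp"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: list[dict]) -> list[tuple[str, int, str]]:
    """Return (signature, pid, detail) for each event that trips one of the three rules."""
    alerts = []
    for e in events:
        pid = e["ProcessId"]
        if e["EventID"] == 1:
            parent, child = basename(e["ParentImage"]), basename(e["Image"])
            if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
                alerts.append(("unexpected_child_process", pid, f"{parent} -> {child}"))
        elif e["EventID"] == 3:
            image = basename(e["Image"])
            if image in NETWORK_BLOCKLIST:
                dest = f"{e['DestinationIp']}:{e['DestinationPort']}"
                alerts.append(("blocklisted_process_network", pid, f"{image} -> {dest}"))
        elif e["EventID"] == 11:
            if e["TargetFilename"].lower().startswith(SYSTEM32):
                alerts.append(("file_dropped_in_system32", pid, e["TargetFilename"]))
    return alerts


def correlate(alerts: list[tuple[str, int, str]]) -> dict[int, list[str]]:
    """Group distinct signatures by PID, so one process tripping all three stands out
    from three unrelated low-severity hits."""
    chains: dict[int, list[str]] = {}
    for sig, pid, _ in alerts:
        sigs = chains.setdefault(pid, [])
        if sig not in sigs:
            sigs.append(sig)
    return chains


if __name__ == "__main__":
    found = detect(EVENTS)
    for alert in found:
        print(alert)
    for pid, sigs in correlate(found).items():
        print(pid, len(sigs), sigs)
```

Each rule on its own is noisy (administrators run PowerShell, installers write to System32), which is why the correlation step matters: an Office-spawned interpreter that then reaches out and writes an executable under System32 is the chain this report scores 10/10, and it is the per-process grouping, not any single hit, that should drive the alert severity.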

MITRE ATT&CK Enterprise v15

Tasks