General

  • Target: 694ccbbf720ce4698640a6ff40e2c8f4_JaffaCakes118
  • Size: 175KB
  • Sample: 240523-byafmagh97
  • MD5: 694ccbbf720ce4698640a6ff40e2c8f4
  • SHA1: e60be93093cac1b75dd806c5798c5fc80b8c9353
  • SHA256: 3e95ef738095e4be4c467124e37a4dd934869e1ab1cb93105d38ca79b589350a
  • SHA512: fd8edf99ede986689edf0a3bd33434ed3686fd6d48b3877a0c9dbf6ad6afb49f95ea31ef2387ed133480b1b2fe4b0c0189f5b28e27c0e8e8ee843b80591d9f7b
  • SSDEEP: 3072:O9ufstRUUKSns8T00JSHUgteMJ8qMD7gTDBBGB4c:O9ufsfgIf0pL/BBGB4c

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: URLs

  exe.dropper  http://bonyanet.com/wp-admin/iR/
  exe.dropper  http://ofoghzagros.com/wp-admin/H/
  exe.dropper  https://ilinknepal.com/infosysnepal.com/Zdz/
  exe.dropper  https://storypostar.com/wp-admin/j/
  exe.dropper  https://www.pixelstoryteller.com/hydroplane-definition/wzb/
  exe.dropper  https://redchillicrackers.com/wp-content/p/
  exe.dropper  http://www.co-traveling.com/cgi-bin/003/
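The seven exe.dropper URLs above are the actionable indicators in this report. The following script is an added example (not part of the sandbox report or its tooling) that turns that list into defanged, structured IOC records: it splits out the host for a DNS or proxy blocklist, defangs the URL so it cannot be auto-linked in a ticket, and flags paths under common WordPress directories, which usually means a compromised legitimate site rather than attacker-registered infrastructure. The URL list is copied from the report; the field names and the CMS-path heuristic are this example's own assumptions.

```python
"""Normalise the report's exe.dropper URLs into defanged IOC records.

Added example; the URLs are copied from the report's Malware Config, the
record layout and the CMS-path heuristic are assumptions of this example.
"""
from urllib.parse import urlsplit

# Copied verbatim from the extracted ps1 config above.
DROPPER_URLS = [
    "http://bonyanet.com/wp-admin/iR/",
    "http://ofoghzagros.com/wp-admin/H/",
    "https://ilinknepal.com/infosysnepal.com/Zdz/",
    "https://storypostar.com/wp-admin/j/",
    "https://www.pixelstoryteller.com/hydroplane-definition/wzb/",
    "https://redchillicrackers.com/wp-content/p/",
    "http://www.co-traveling.com/cgi-bin/003/",
]

# Path prefixes that belong to a WordPress install; a payload served from
# here normally indicates a compromised site (heuristic, not a verdict).
CMS_PATH_MARKERS = ("/wp-admin/", "/wp-content/", "/wp-includes/")


def defang(url: str) -> str:
    """Neutralise a URL so mail clients and wikis do not turn it into a link."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def parse_dropper_urls(urls):
    """One record per URL with the fields an analyst blocks or hunts on."""
    records = []
    for url in urls:
        parts = urlsplit(url)
        records.append({
            "url": url,
            "defanged": defang(url),
            "scheme": parts.scheme,
            "host": parts.hostname,
            "path": parts.path,
            "likely_compromised_cms": parts.path.startswith(CMS_PATH_MARKERS),
        })
    return records


def unique_hosts(records):
    """Distinct hostnames, sorted, ready for a DNS/proxy blocklist."""
    return sorted({r["host"] for r in records})


def summarize(records):
    """Counts that help prioritise: how many over TLS, how many on CMS paths."""
    return {
        "total": len(records),
        "https": sum(1 for r in records if r["scheme"] == "https"),
        "cms_hosted": sum(1 for r in records if r["likely_compromised_cms"]),
    }


if __name__ == "__main__":
    recs = parse_dropper_urls(DROPPER_URLS)
    for r in recs:
        flag = "  (WordPress path, likely compromised site)" if r["likely_compromised_cms"] else ""
        print(f"{r['defanged']}{flag}")
    print("hosts:", ", ".join(unique_hosts(recs)))
    print(summarize(recs))
```

Block on the hosts, not only the full URLs: droppers of this kind rotate the path component between builds while reusing the same compromised sites.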

Targets

    • Target: 694ccbbf720ce4698640a6ff40e2c8f4_JaffaCakes118
    • Size: 175KB
    • MD5: 694ccbbf720ce4698640a6ff40e2c8f4
    • SHA1: e60be93093cac1b75dd806c5798c5fc80b8c9353
    • SHA256: 3e95ef738095e4be4c467124e37a4dd934869e1ab1cb93105d38ca79b589350a
    • SHA512: fd8edf99ede986689edf0a3bd33434ed3686fd6d48b3877a0c9dbf6ad6afb49f95ea31ef2387ed133480b1b2fe4b0c0189f5b28e27c0e8e8ee843b80591d9f7b
    • SSDEEP: 3072:O9ufstRUUKSns8T00JSHUgteMJ8qMD7gTDBBGB4c:O9ufsfgIf0pL/BBGB4c

    Score: 10/10
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory

    Read together with the extracted ps1 config, these signatures are consistent with a macro-launched PowerShell stage that retrieves an executable from one of the listed exe.dropper URLs and writes a file under System32.
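The first two signatures are parent/child and process-to-network correlations, which is exactly what endpoint telemetry lets you reproduce outside the sandbox. The following is an added example (not part of the report) of that detection logic run over a handful of constructed process-creation and network-connection events in a minimal Sysmon-like shape: it flags an Office parent launching a script host, flags a blocklisted script host making an outbound connection, and walks the parent chain so an analyst can tell a macro-spawned shell from an administrator's. The event format, the process and host names, and the sample events are all constructed for this example.

```python
"""Reproduce the report's two behavioural signatures over process telemetry.

Added example; the event layout (a dict per event with type/pid/ppid/image or
type/pid/dest/port) and the sample events are constructed, not real telemetry.
"""
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office application has no business starting while handling a document.
UNEXPECTED_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Script hosts and download utilities whose outbound connections merit review.
BLOCKLISTED_NET = {"powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe"}

# Constructed sample telemetry: a document opened in Word spawns PowerShell, which
# connects out; a benign print helper and an unrelated admin shell provide contrast.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100, "ppid": 812,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 4212, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "network", "pid": 4212, "dest": "bonyanet.com", "port": 80},
    {"type": "process", "pid": 4300, "ppid": 4100, "image": r"C:\Windows\splwow64.exe"},
    {"type": "process", "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "network", "pid": 5000, "dest": "update.internal", "port": 443},
]


def basename(image_path: str) -> str:
    """Case-folded file name, so path and casing differences do not defeat matching."""
    return ntpath.basename(image_path).lower()


def has_office_ancestor(pid, images, parents, max_depth=8):
    """Walk the recorded parent chain looking for an Office process."""
    for _ in range(max_depth):
        pid = parents.get(pid)
        if pid is None:
            return False
        if images.get(pid) in OFFICE_PARENTS:
            return True
    return False


def detect(events):
    """Return alerts for unexpected Office children and blocklisted network activity."""
    images = {}   # pid -> image basename, built as process events arrive
    parents = {}  # pid -> ppid
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            child = basename(ev["image"])
            images[ev["pid"]] = child
            parents[ev["pid"]] = ev["ppid"]
            parent = images.get(ev["ppid"])
            if parent in OFFICE_PARENTS and child in UNEXPECTED_CHILDREN:
                alerts.append({"rule": "unexpected_child_process", "pid": ev["pid"],
                               "parent": parent, "child": child})
        elif ev["type"] == "network":
            image = images.get(ev["pid"])
            if image in BLOCKLISTED_NET:
                alerts.append({"rule": "blocklisted_process_network_request",
                               "pid": ev["pid"], "image": image,
                               "dest": f"{ev['dest']}:{ev['port']}",
                               # Lineage separates macro-spawned shells from admin use.
                               "office_lineage": has_office_ancestor(ev["pid"], images, parents)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The sandbox fires "Blocklisted process makes network request" on any such process; on a real fleet that rule alone is noisy, so the `office_lineage` field is what lets the second PowerShell connection be triaged down while the first is escalated.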
