General

  • Target

    69dd6e2ac3ac50b2383f138fc4da3b41_JaffaCakes118

  • Size

    175KB

  • Sample

    240523-f2pryafa84

  • MD5

    69dd6e2ac3ac50b2383f138fc4da3b41

  • SHA1

    2271fc24f265c2b91480cde99afe78ebc8355963

  • SHA256

    8e53c80df5380a098783ffbee94ed572d63fecf8753904f25a12075657f1d4de

  • SHA512

    38d9a30724fba3ec1cc33f6417714a6ea591f74b31301aa3e1cd03fac34bfb1fe91c19f4e751c464e2f427042a5eb598f2533fdf2c33f3efa0332058ef728040

  • SSDEEP

    1536:trdi1Ir77zOH98Wj2gpngx+a9+GmLtHv5:trfrzOH98ipgoFv5

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

exe.dropper (download URLs extracted from the ps1 script):

  • https://haikouweixun.com/jn5/Rbp/
  • http://carolinacanullo.com/js/hllPT/
  • http://megasolucoesti.com/R9KDq0O8w/B3KqPpe/
  • http://www.insulution.org/wp-admin/swift/swift/y318LGM/
  • http://petafilm.com/calendar/6kOpwrt/
  • https://dev.contractdevs.co.uk/hbbny/Kv9/
  • http://blog.penmman.com/wp-content/uploads/1ECbn9K/
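
The extracted config above is only useful once it is turned into something a network sensor or log search can consume. The script below is an added example, not part of the sandbox report: it takes the seven exe.dropper URLs, splits them into host and path indicators, emits one Suricata rule per URL (HTTP URLs match on host and URI; HTTPS URLs can only be matched on the TLS SNI, since the path is encrypted), and sweeps a proxy log for contacts with any dropper host. The proxy log lines and the SID range are constructed for illustration.

```python
"""Turn the exe.dropper URLs extracted from the ps1 config into network
indicators, emit Suricata rules for them, and sweep a proxy log for hits.
Added example: not part of the sandbox report. The log lines and the SID
range are constructed for illustration."""
from urllib.parse import urlsplit

# The seven exe.dropper URLs listed in the report's extracted config.
DROPPER_URLS = [
    "https://haikouweixun.com/jn5/Rbp/",
    "http://carolinacanullo.com/js/hllPT/",
    "http://megasolucoesti.com/R9KDq0O8w/B3KqPpe/",
    "http://www.insulution.org/wp-admin/swift/swift/y318LGM/",
    "http://petafilm.com/calendar/6kOpwrt/",
    "https://dev.contractdevs.co.uk/hbbny/Kv9/",
    "http://blog.penmman.com/wp-content/uploads/1ECbn9K/",
]


def url_to_ioc(url):
    """Split a dropper URL into scheme, lowercased host and path.
    The trailing slash is kept: the dropper requests that exact path."""
    p = urlsplit(url)
    return {"scheme": p.scheme.lower(), "host": p.hostname.lower(), "path": p.path}


def build_indicators(urls):
    """Return the de-duplicated host list plus a host -> path map."""
    iocs = [url_to_ioc(u) for u in urls]
    hosts = sorted({i["host"] for i in iocs})
    paths = {i["host"]: i["path"] for i in iocs}
    return hosts, paths


def suricata_rules(urls, sid_start=1000001):
    """One rule per URL. Plain-HTTP URLs get an http.host/http.uri match;
    HTTPS URLs can only be matched on the TLS SNI, since the path is
    encrypted. sid_start is an assumed local SID range."""
    rules = []
    for i, u in enumerate(urls):
        ioc = url_to_ioc(u)
        sid = sid_start + i
        if ioc["scheme"] == "https":
            rules.append(
                f'alert tls $HOME_NET any -> $EXTERNAL_NET 443 '
                f'(msg:"ps1 dropper TLS callback {ioc["host"]}"; '
                f'flow:established,to_server; tls.sni; content:"{ioc["host"]}"; '
                f'nocase; sid:{sid}; rev:1;)'
            )
        else:
            rules.append(
                f'alert http $HOME_NET any -> $EXTERNAL_NET any '
                f'(msg:"ps1 dropper HTTP callback {ioc["host"]}"; '
                f'flow:established,to_server; http.host; content:"{ioc["host"]}"; '
                f'http.uri; content:"{ioc["path"]}"; sid:{sid}; rev:1;)'
            )
    return rules


# Constructed proxy log (epoch, client, method, target, status); not real data.
SAMPLE_PROXY_LOG = """\
1716452111.203 10.0.0.23 GET http://carolinacanullo.com/js/hllPT/ 200
1716452112.511 10.0.0.23 CONNECT haikouweixun.com:443 200
1716452130.004 10.0.0.40 GET http://www.example.com/index.html 200
1716452140.777 10.0.0.23 GET http://blog.penmman.com/wp-content/uploads/1ECbn9K/ 404
"""


def match_proxy_log(log_text, urls):
    """Return (client, host) for each line whose target host is a dropper
    host. CONNECT lines carry host:port instead of a URL, so both forms are
    handled; a 404 still counts, since the client tried to reach the host."""
    hosts = {url_to_ioc(u)["host"] for u in urls}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        client, method, target = parts[1], parts[2], parts[3]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]
        else:
            host = urlsplit(target).hostname
        if host and host.lower() in hosts:
            hits.append((client, host.lower()))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(DROPPER_URLS):
        print(rule)
    print(match_proxy_log(SAMPLE_PROXY_LOG, DROPPER_URLS))
```

Note that the HTTP rules carry the full URI path, which keeps false positives low on shared hosting; the TLS rules match the host name only, so on a compromised legitimate site they will also fire on benign traffic to that site and should be triaged with that in mind.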

Targets

    • Target

      69dd6e2ac3ac50b2383f138fc4da3b41_JaffaCakes118

    • Size

      175KB

    • MD5

      69dd6e2ac3ac50b2383f138fc4da3b41

    • SHA1

      2271fc24f265c2b91480cde99afe78ebc8355963

    • SHA256

      8e53c80df5380a098783ffbee94ed572d63fecf8753904f25a12075657f1d4de

    • SHA512

      38d9a30724fba3ec1cc33f6417714a6ea591f74b31301aa3e1cd03fac34bfb1fe91c19f4e751c464e2f427042a5eb598f2533fdf2c33f3efa0332058ef728040

    • SSDEEP

      1536:trdi1Ir77zOH98Wj2gpngx+a9+GmLtHv5:trfrzOH98ipgoFv5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
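
Two of the signatures above ("Process spawned unexpected child process" and "Blocklisted process makes network request") are simple to reproduce on endpoint telemetry. The code below is an added example and not the sandbox's own rule logic: it runs both checks over Sysmon-style process-creation and network-connection events, flagging an Office parent that starts a script host (the macro case the signature text mentions) and any blocklisted process that opens a network connection, with the process ancestry attached for triage. The Office, script-host and blocklist sets, and the event sample, are assumptions constructed for this example.

```python
"""Re-create two of the report's behavioural signatures over Sysmon-style
process and network events: an Office parent spawning a script host, and a
blocklisted process making a network request. Added example, not the
sandbox's own rule logic; the process sets and events are assumptions."""
from collections import namedtuple

ProcEvent = namedtuple("ProcEvent", "pid ppid image")               # Sysmon EID 1
NetEvent = namedtuple("NetEvent", "pid image dest_host dest_port")   # Sysmon EID 3

# Assumed rule sets, chosen for the macro case the signature text mentions.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
BLOCKLISTED = {"powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe",
               "regsvr32.exe", "certutil.exe"}


def basename(image):
    """Lowercased file name of a full image path."""
    return image.rsplit("\\", 1)[-1].lower()


def ancestry(pid, by_pid):
    """Image names from pid up to the last parent we have an event for;
    cycle-safe in case of PID reuse."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return chain


def unexpected_children(proc_events):
    """'Process spawned unexpected child process': an Office application,
    which normally only spawns helper binaries, starting a script host."""
    by_pid = {e.pid: e for e in proc_events}
    hits = []
    for e in proc_events:
        parent = by_pid.get(e.ppid)
        if (parent is not None
                and basename(parent.image) in OFFICE_PARENTS
                and basename(e.image) in SCRIPT_HOSTS):
            hits.append((basename(parent.image), basename(e.image), e.pid))
    return hits


def blocklisted_network(proc_events, net_events):
    """'Blocklisted process makes network request', with the process
    ancestry attached so the analyst sees who launched it."""
    by_pid = {e.pid: e for e in proc_events}
    return [(basename(n.image), n.dest_host, n.dest_port, ancestry(n.pid, by_pid))
            for n in net_events if basename(n.image) in BLOCKLISTED]


# Constructed event sample; paths and PIDs are illustrative, not from the report.
PROC_EVENTS = [
    ProcEvent(1000, 800, r"C:\Windows\explorer.exe"),
    ProcEvent(2100, 1000, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcEvent(2344, 2100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcEvent(2600, 2100, r"C:\Windows\splwow64.exe"),  # benign Word print helper
    ProcEvent(3000, 1000, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
]
NET_EVENTS = [
    NetEvent(2344, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
             "carolinacanullo.com", 80),
    NetEvent(3000, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
             "www.example.com", 443),
]

if __name__ == "__main__":
    print(unexpected_children(PROC_EVENTS))
    print(blocklisted_network(PROC_EVENTS, NET_EVENTS))
```

The parent/child check deliberately ignores splwow64.exe, a helper Word spawns on its own, so the rule keys on the child being a script host rather than on "any child of Word". The network check is noisy on its own (PowerShell legitimately talks to the network on admin workstations), which is why the ancestry is returned alongside the hit: a powershell.exe whose parent chain passes through winword.exe is the case worth paging on.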

MITRE ATT&CK Enterprise v15

Tasks