General

  • Target

    6bcc38f2c505ae47eeef8458adac6108_JaffaCakes118

  • Size

    151KB

  • Sample

    240523-wngr6sbc54

  • MD5

    6bcc38f2c505ae47eeef8458adac6108

  • SHA1

    2261dc6140ceeac6b4520512de9ffe3e2175078d

  • SHA256

    9412268f1f2c0eb9a06cc682d774e05495a3b4e468749c77e157a5a354c2c8d8

  • SHA512

    53855cd1f39a5f7313de0ade1401de7a058ab4cf07382ef57f0f06b72cfbeb6996a9e139d03897e0477e980346556b21161d8fa21e2969ed767c4d6349526b1c

  • SSDEEP

    3072:J77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qP/fhJEQiAEoS5y3zgI0E2T5:J77HUUUUUUUUUUUUUUUUUUUT52VmfhCD

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs
exe.dropper

http://pressuredspeech.com/dngn/cEmgNTByQ/

exe.dropper

https://phoneringtones.info/wp-content/uploads/qx93_k68trw3j-15334/

exe.dropper

http://safeservicesfze.com/wp-admin/ZmVYmAXv/

exe.dropper

https://freewallpaperdesktop.com/wp-includes/50lz_zkln03lbc-8209361/

exe.dropper

http://noingoaithatthanhnam.com/wp-admin/voytvHre/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
