General

  • Target

    6fbcd4336821db109a956ca955131688_JaffaCakes118

  • Size

    175KB

  • Sample

    240524-y6rffaac25

  • MD5

    6fbcd4336821db109a956ca955131688

  • SHA1

    0197f3121c8ac4193ea76f8fdd418a05f18765a3

  • SHA256

    3c04b25b3db13173771d70f4aa9fd25006b34fc0c02f707f2dbd8f9b15938720

  • SHA512

    d40159c8fbb9bc62f9b989330c07b49789d7ffbe531b50e2e1066aeb9cac99048bea96ef28929e3aaa9cf8f242db01cb888e664e64506ac5e005e1af58b919e3

  • SSDEEP

    1536:trdi1Ir77zOH98Wj2gpngx+a90GmLtHBZ:trfrzOH98ipg6FBZ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • URLs (exe.dropper)

    https://haikouweixun.com/jn5/Rbp/
    http://carolinacanullo.com/js/hllPT/
    http://megasolucoesti.com/R9KDq0O8w/B3KqPpe/
    http://www.insulution.org/wp-admin/swift/swift/y318LGM/
    http://petafilm.com/calendar/6kOpwrt/
    https://dev.contractdevs.co.uk/hbbny/Kv9/
    http://blog.penmman.com/wp-content/uploads/1ECbn9K/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks