General

  • Target

    7a9e6a6856ea114f430d45a140945744_JaffaCakes118

  • Size

    191KB

  • Sample

    240527-1hfp5sah9y

  • MD5

    7a9e6a6856ea114f430d45a140945744

  • SHA1

    9c82025c13e05c6c811f64ff8a75304475ac379f

  • SHA256

    7744f5715a96dc3c30dfb9adce7f8efb5f4d75b82e2451503bd5db8f11d80402

  • SHA512

    67589fe3266c5594adfd99766a1f31bae134f34cd78d09238e60e1e99bc8b908f8b6d8100e3d5851e63352bd028e6fef481a81e8123b95d0eb50f5a0c8e7cbd0

  • SSDEEP

    3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjN0zKNf9cfmfE7qdmVJKk/Juvc5a8a8b:i9ufsfgIf0pLWKby

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15