Overview

overview

10

Static

static

8

7b3e303a1a...18.doc

windows7-x64

10

7b3e303a1a...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b3e303a1ad77a40ebb99ecfcb66ae66_JaffaCakes118

  • Size

    160KB

  • Sample

    240528-bwzyhaag84

  • MD5

    7b3e303a1ad77a40ebb99ecfcb66ae66

  • SHA1

    c66d8e858bc6c46192c8cacd6f2553acdd385b5f

  • SHA256

    ab30df9089d4f602e41259e086b183739d0b23bc88e239f2878809eab1772bf4

  • SHA512

    b2e64989cfd474894d9b0f5dce638c05d6b2a4208ec9137ffffd1a17b620ae28a716e62603c474126eaf4a984e59d034627bfa96f8f6f0a54f3aaeeeefbbe086

  • SSDEEP

    1536:8Ij9atFqpRIj9atFqpvrdi1Ir77zOH98Wj2gpngB+a9zTU3N7NSPuy:2rfrzOH98ipgbm7NSPb

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://templatejson.com/awrrn/Kw10uo/
exe.dropper

https://hosting.mybestheme.com/aikjj0q/8/
exe.dropper

https://tastes2plate.com/wp-content/uploads/6/
exe.dropper

http://madeirawildlife.com/wp-admin/zuWZW/
exe.dropper

http://senyumdesa.org/wp-admin/aC4/
exe.dropper

https://ibuyoldwebsites.com/modules/QVtEr7/
exe.dropper

http://blog.zunapro.com/wp-admin/js/widgets/EH4agl/

Targets

    • Target

      7b3e303a1ad77a40ebb99ecfcb66ae66_JaffaCakes118

    • Size

      160KB

    • MD5

      7b3e303a1ad77a40ebb99ecfcb66ae66

    • SHA1

      c66d8e858bc6c46192c8cacd6f2553acdd385b5f

    • SHA256

      ab30df9089d4f602e41259e086b183739d0b23bc88e239f2878809eab1772bf4

    • SHA512

      b2e64989cfd474894d9b0f5dce638c05d6b2a4208ec9137ffffd1a17b620ae28a716e62603c474126eaf4a984e59d034627bfa96f8f6f0a54f3aaeeeefbbe086

    • SSDEEP

      1536:8Ij9atFqpRIj9atFqpvrdi1Ir77zOH98Wj2gpngB+a9zTU3N7NSPuy:2rfrzOH98ipgbm7NSPb

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks