General

  • Target: 7fb3aaa1d30f9759ef73fa41b159cfe3_JaffaCakes118
  • Size: 157KB
  • Sample: 240529-gkr2eadc93
  • MD5: 7fb3aaa1d30f9759ef73fa41b159cfe3
  • SHA1: 125dc486f6ddd9d9f3a12324ab682b30a7835fc3
  • SHA256: 5961fcb88f0e94e30cd06002aa7653bfe00c9ca29501fa70409464450b8d1217
  • SHA512: f6f4b4ba21053e921168c41b739fc7739313b305d568a184d36c186a91b5b79c4fbeccf0d6f2f801f13725b93f9680f5b43a3204969a29ff4130d26330d148b6
  • SSDEEP: 1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9OlJiEn:1rfrzOH98ipg8YEn

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks