General

  • Target

    81e3aaf258c2912afb2eafe19104a1e4_JaffaCakes118

  • Size

    193KB

  • Sample

    240529-zqg3hahe71

  • MD5

    81e3aaf258c2912afb2eafe19104a1e4

  • SHA1

    726e701e3204db94ddeffd4dbc30e75ab12b3c8c

  • SHA256

    c82c3dc7341a149248f768f8f7da5e9f1ca7dcd9f2d1cd61a56386cfef07ff7b

  • SHA512

    bb163792a7a4cb1ee0f0e0adcad11a29d1049d1ade421409461f07ab271396da5c373283f442ab3a2bafdc9e09299abe1401f70eab86b10f37b62cb6407c564a

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a9Vk1qlDba/qrHEs+nPyNdOx7Uet:+rfrzOH98ipg3va/qTX+nPyLOBNt

Score
10/10

Malware Config

Extracted

  Language  Source       URL
  ps1       exe.dropper  http://zplusshopping.com/wp-content/plugins/8ek/
  ps1       exe.dropper  https://www.cupgel.com/__MACOSX/3/
  ps1       exe.dropper  http://freespiritmind.com/MASD/HowTo/css/J/
  ps1       exe.dropper  http://crewnecksusa.com/wp-content/NJ/
  ps1       exe.dropper  http://www.dougsuniverse.com/pics/yL8/
  ps1       exe.dropper  https://idilsoft.com/admin/B/
  ps1       exe.dropper  https://guhaasmart.com/wp-content/s/

Targets

    • Target

      81e3aaf258c2912afb2eafe19104a1e4_JaffaCakes118

    • Size

      193KB

    • MD5

      81e3aaf258c2912afb2eafe19104a1e4

    • SHA1

      726e701e3204db94ddeffd4dbc30e75ab12b3c8c

    • SHA256

      c82c3dc7341a149248f768f8f7da5e9f1ca7dcd9f2d1cd61a56386cfef07ff7b

    • SHA512

      bb163792a7a4cb1ee0f0e0adcad11a29d1049d1ade421409461f07ab271396da5c373283f442ab3a2bafdc9e09299abe1401f70eab86b10f37b62cb6407c564a

    • SSDEEP

      1536:+rdi1Ir77zOH98Wj2gpng9+a9Vk1qlDba/qrHEs+nPyNdOx7Uet:+rfrzOH98ipg3va/qTX+nPyLOBNt

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks