General

  • Target

    82aac0d8cce13a8b4e65ac8b0b8514e3_JaffaCakes118

  • Size

    193KB

  • Sample

    240530-b2cp6aag99

  • MD5

    82aac0d8cce13a8b4e65ac8b0b8514e3

  • SHA1

    3785a8c835fd89057d8c3e2569e70b66b12e9b35

  • SHA256

    29749cedab7936fd219c79bdd37996ffa78708a96459fa1f4ed8cfa0adfbb493

  • SHA512

    ad22770af40f02f2b9c51cdba27fce5c4b7666ab03595dd982d44694d1bae50251f36f2e6c99cc28801631a54884ea3446f3b66f53f0ddac0edc02878f6f6c82

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a91k1q9Dba/qrHEs+nPyNdOx7He1:+rfrzOH98ipgfva/qTX+nPyLOB+1

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper (download locations tried by the PowerShell dropper)

    http://zplusshopping.com/wp-content/plugins/8ek/
    https://www.cupgel.com/__MACOSX/3/
    http://freespiritmind.com/MASD/HowTo/css/J/
    http://crewnecksusa.com/wp-content/NJ/
    http://www.dougsuniverse.com/pics/yL8/
    https://idilsoft.com/admin/B/
    https://guhaasmart.com/wp-content/s/
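
The extracted exe.dropper URLs are the actionable part of this config. The script below is an added example, not part of the sandbox report: it normalises the seven URLs above into host and host+path indicators and matches them against proxy log lines. The log lines and their format (timestamp, client, method, URL, status) are constructed for the example, as is the convention of treating a request at or under a configured directory as a path-level hit.

```python
from urllib.parse import urlparse

# Dropper URLs exactly as extracted in the report above (ps1 config, exe.dropper).
DROPPER_URLS = [
    "http://zplusshopping.com/wp-content/plugins/8ek/",
    "https://www.cupgel.com/__MACOSX/3/",
    "http://freespiritmind.com/MASD/HowTo/css/J/",
    "http://crewnecksusa.com/wp-content/NJ/",
    "http://www.dougsuniverse.com/pics/yL8/",
    "https://idilsoft.com/admin/B/",
    "https://guhaasmart.com/wp-content/s/",
]


def normalize_host(host):
    """Lower-case, drop any port and a leading 'www.' so log lookups hit the bare domain."""
    host = host.lower().split(":")[0]
    return host[4:] if host.startswith("www.") else host


def build_iocs(urls):
    """Return (set of hosts, set of (host, path)) from a list of extracted dropper URLs."""
    hosts, paths = set(), set()
    for u in urls:
        p = urlparse(u)
        h = normalize_host(p.netloc)
        hosts.add(h)
        paths.add((h, p.path))
    return hosts, paths


def match_proxy_log(lines, hosts, paths):
    """Scan proxy log lines (assumed format: ts client method url status).

    Returns (ts, client, url, level) per hit; level is 'path' when the request lands
    at or under a configured dropper directory and 'host' when only the host matches.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line, skip rather than crash the sweep
        ts, client, _method, url, _status = parts[:5]
        p = urlparse(url)
        h = normalize_host(p.netloc)
        if h not in hosts:
            continue
        path_hit = any(ph == h and p.path.startswith(pp) for ph, pp in paths)
        hits.append((ts, client, url, "path" if path_hit else "host"))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2024-05-30T02:01:11Z 10.0.0.15 GET http://zplusshopping.com/wp-content/plugins/8ek/ 200",
    "2024-05-30T02:01:12Z 10.0.0.15 GET https://www.cupgel.com/__MACOSX/3/x.exe 404",
    "2024-05-30T02:01:13Z 10.0.0.22 GET https://idilsoft.com/ 200",
    "2024-05-30T02:01:14Z 10.0.0.22 GET https://example.org/ 200",
]

if __name__ == "__main__":
    hosts, paths = build_iocs(DROPPER_URLS)
    for hit in match_proxy_log(SAMPLE_LOG, hosts, paths):
        print(hit)
```

A hit on the host alone is weaker evidence than a hit on the configured path, since the same host may serve unrelated content; keep the two levels separate when turning this into a blocklist or an alert so that the path-level hits can be escalated first.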

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
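
The three signatures above are process-tree and activity checks. The code below is an added example, not the sandbox's own detection logic: it evaluates constructed process-creation, network and file-write events against the three conditions. Which images count as document applications, script hosts and network-blocklisted processes, and the rule that a System32 write by a script host is a "drop", are assumptions for the example, not details the report states.

```python
import ntpath

# Assumed classifications (not from the report).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
NETWORK_BLOCKLIST = SCRIPT_HOSTS          # script hosts that should not talk to the internet
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def image_name(path):
    """Bare, lower-cased executable name from a full image path."""
    return ntpath.basename(path).lower()


def pid_images(proc_events):
    """pid -> image name, built from process-creation events."""
    return {e["pid"]: image_name(e["image"]) for e in proc_events}


def unexpected_children(proc_events):
    """'Process spawned unexpected child process': a document app launching a script host.

    Returns (parent_image, child_image, child_pid) per hit.
    """
    images = pid_images(proc_events)
    hits = []
    for e in proc_events:
        parent = images.get(e["ppid"])
        child = image_name(e["image"])
        if parent in DOCUMENT_APPS and child in SCRIPT_HOSTS:
            hits.append((parent, child, e["pid"]))
    return hits


def blocklisted_network(proc_events, net_events):
    """'Blocklisted process makes network request': (image, destination) for blocklisted images."""
    images = pid_images(proc_events)
    return sorted({(images[n["pid"]], n["dst"]) for n in net_events
                   if images.get(n["pid"]) in NETWORK_BLOCKLIST})


def system32_drops(proc_events, file_events):
    """'Drops file in System32 directory': writes under System32 by a script host (assumed rule)."""
    images = pid_images(proc_events)
    return [(images[f["pid"]], f["path"]) for f in file_events
            if f["path"].lower().startswith(SYSTEM32_PREFIX) and images.get(f["pid"]) in SCRIPT_HOSTS]


# Constructed events (not from the report): a document app spawning PowerShell, which then
# fetches from one of the dropper hosts and writes under System32; a browser as benign noise.
PROC_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 300, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]
NET_EVENTS = [
    {"pid": 200, "dst": "zplusshopping.com:80"},
    {"pid": 400, "dst": "example.org:443"},
]
FILE_EVENTS = [
    {"pid": 200, "path": r"C:\Windows\System32\Tasks\Update"},
    {"pid": 400, "path": r"C:\Users\user\Downloads\report.pdf"},
]

if __name__ == "__main__":
    print(unexpected_children(PROC_EVENTS))
    print(blocklisted_network(PROC_EVENTS, NET_EVENTS))
    print(system32_drops(PROC_EVENTS, FILE_EVENTS))
```

The parent/child check is the one that carries the "compromised via an exploit or macro" interpretation: on its own, a script host making a request or writing to System32 is common administrative activity, so in practice the three hits are scored together, with the unexpected child as the anchor.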

MITRE ATT&CK Enterprise v15

Tasks