General

  • Target

    841950d4960ca478bef08a84a45b10db_JaffaCakes118

  • Size

    252KB

  • Sample

    240530-nskevsfh9s

  • MD5

    841950d4960ca478bef08a84a45b10db

  • SHA1

    1f5157b1af61386767e67cab08349f7592c058eb

  • SHA256

    14e476c161d3f8ac920d9952493c507a6f5305c9661333847059ed101c75ecd5

  • SHA512

    ece6700b9e243229124cdbe124c5c66301f5ef7666e3dd01da58650ec4ab908b4a15a8cf5560f6de670831a2e1b2b70a52470041dca1abd219d079bf2014ff24

  • SSDEEP

    3072:6Yy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////6:C0uXnWFchmmcI/o1/d2yER+

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
