General

  • Target

    8627fb33794cbf0e5c33916b8e0aafcd_JaffaCakes118

  • Size

    198KB

  • Sample

    240531-gprlfahc6s

  • MD5

    8627fb33794cbf0e5c33916b8e0aafcd

  • SHA1

    b7bbf5c0647e9c25dd0a4a8800f6a55232a1451a

  • SHA256

    cd2d217249575d3ddafffc84c42e3ede78250d5b5856c64eca124efa9ba266f9

  • SHA512

    bdee4bae79f0a7dc8cb9d88cc0dcbcf149f0ca386fb79157e4643e4e7edef74545579f1e552683a7f5e0fec98d6fa3894141d8e3def0352805a94d7710a679a2

  • SSDEEP

    3072:9WKWj22TWTogk079THcpOu5UZf5EcbWD+8zp:y/TX07hHcJQxEcKDbzp

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs


Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks