General

  • Target

    865045b9340cbccf3a4e3dd9c836bf35_JaffaCakes118

  • Size

    190KB

  • Sample

    240531-jkdvwsbf2w

  • MD5

    865045b9340cbccf3a4e3dd9c836bf35

  • SHA1

    65389b9720149eb03e018c504abd2511df6e4d21

  • SHA256

    d1a5686c4fa9645f0fb514192daab9f41de42969b089d957941b6b83bc2791d0

  • SHA512

    4bf84647a1952f29e1ac174f01ce56afce469090f76893fc892f12e616203cd3b6de206b742b54b2d72725099302e8b0b827ded6519bdf7fcbb85af1730874bc

  • SSDEEP

    3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjy0zKNf9cfmfE7qdmVJKk/Juvc5a8a8L:i9ufsfgIf0pLNKbS

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs (each listed with source exe.dropper)

    http://reklamdasiniz.com/wp-admin/W/
    http://www.paramedicaleducationguidelines.com/wp-admin/7S/
    http://bimasoftcbt.maannajahjakarta.com/wp-admin/i3K/
    http://casualhome.com/wp-admin/Y/
    https://aemine.vn/wp-admin/KMq/
    http://aahnaturals.net/wp-includes/A3/
    https://sbsec.org/bsadmin-portal/1nf/
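The seven URLs above are the locations the extracted PowerShell dropper tries for its executable payload. The following Python is an added example by the editor, not code from the sample or from the sandbox: it takes the page's URL list and turns it into blocklist hostnames and defanged indicators for a write-up, and counts how many payload paths sit under WordPress directories. The function names, the defanging convention and the WordPress-path heuristic are this example's own assumptions.

```python
"""Turn the exe.dropper URLs from the extracted PowerShell config into
hunting and blocking indicators.

Added example by the editor, not output of the sandbox or code from the
sample. The URL list is copied from the report's Malware Config section;
the function names, the defanging convention and the WordPress-path
heuristic are this example's own assumptions.
"""
from urllib.parse import urlsplit

# Copied from the report (Source: exe.dropper, Language: ps1)
DROPPER_URLS = [
    "http://reklamdasiniz.com/wp-admin/W/",
    "http://www.paramedicaleducationguidelines.com/wp-admin/7S/",
    "http://bimasoftcbt.maannajahjakarta.com/wp-admin/i3K/",
    "http://casualhome.com/wp-admin/Y/",
    "https://aemine.vn/wp-admin/KMq/",
    "http://aahnaturals.net/wp-includes/A3/",
    "https://sbsec.org/bsadmin-portal/1nf/",
]

# Directory prefixes that mark a payload staged inside a WordPress install
# (assumption: the paths a compromised CMS typically exposes)
CMS_PREFIXES = ("/wp-admin/", "/wp-includes/", "/wp-content/")


def parse_indicator(url):
    """Split one dropper URL into (scheme, host, path); host is lower-cased.
    Rejects anything that is not an absolute http(s) URL so a garbled
    config line cannot silently become an empty blocklist entry."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    return parts.scheme, parts.hostname.lower(), parts.path or "/"


def defang(url):
    """Render a URL non-clickable for a report: hxxp(s):// and [.] in host."""
    scheme, host, path = parse_indicator(url)
    return f"{scheme.replace('tt', 'xx')}://{host.replace('.', '[.]')}{path}"


def blocklist_hosts(urls):
    """Distinct hostnames, sorted, for a DNS sinkhole or proxy deny list."""
    return sorted({parse_indicator(u)[1] for u in urls})


def staged_on_cms(url):
    """True when the payload directory sits under a WordPress path."""
    return parse_indicator(url)[2].startswith(CMS_PREFIXES)


def build_report(urls):
    """Summarise the config: hosts to block, defanged URLs for the write-up,
    and counts that tell the analyst what the staging infrastructure looks
    like (how much of it is compromised CMS, how much uses TLS)."""
    return {
        "hosts": blocklist_hosts(urls),
        "defanged": [defang(u) for u in urls],
        "cms_staged": sum(staged_on_cms(u) for u in urls),
        "https": sum(parse_indicator(u)[0] == "https" for u in urls),
    }


if __name__ == "__main__":
    report = build_report(DROPPER_URLS)
    print("block these hosts:")
    for host in report["hosts"]:
        print("  ", host)
    print("defanged for the write-up:")
    for line in report["defanged"]:
        print("  ", line)
    print(f'{report["cms_staged"]} of {len(DROPPER_URLS)} paths look like '
          f'WordPress staging, {report["https"]} use https')
```

Run as-is on this config it reports six of the seven paths under wp-admin or wp-includes and two https entries; the same functions take any list of extracted dropper URLs, and the strict parser refuses relative or non-http entries rather than emitting a blank host.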

Targets

    • Target

      865045b9340cbccf3a4e3dd9c836bf35_JaffaCakes118

    • Size

      190KB

    • MD5

      865045b9340cbccf3a4e3dd9c836bf35

    • SHA1

      65389b9720149eb03e018c504abd2511df6e4d21

    • SHA256

      d1a5686c4fa9645f0fb514192daab9f41de42969b089d957941b6b83bc2791d0

    • SHA512

      4bf84647a1952f29e1ac174f01ce56afce469090f76893fc892f12e616203cd3b6de206b742b54b2d72725099302e8b0b827ded6519bdf7fcbb85af1730874bc

    • SSDEEP

      3072:i9ufstRUUKSns8T00JSHUgteMJ8qMD7gjy0zKNf9cfmfE7qdmVJKk/Juvc5a8a8L:i9ufsfgIf0pLNKbS

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
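The three signatures above, expressed as detection logic. This is an added example written by the editor, not the sandbox's own signature code: it runs one rule per signature over a constructed Sysmon-style event list (the field names, the document-parent, script-child, network-blocklist and System32-writer sets, and the dropped file name are assumptions) and then correlates hits on a single process ID, which is what turns three individual findings into a high-confidence verdict.

```python
"""Detection logic for the three behaviours the sandbox flagged on this
sample, run over a constructed process/network/file event log.

Added example by the editor; the events below are constructed to resemble
Sysmon event IDs 1 (process create), 3 (network connect) and 11 (file
create) and are not the sandbox's real telemetry. Field names, the
parent/child process lists, the network blocklist and the dropped file
name are assumptions that a real deployment would tune.
"""

# Assumed policy lists (not from the report)
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                    "acrord32.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
NETWORK_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "certutil.exe",
                     "regsvr32.exe", "rundll32.exe", "bitsadmin.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
# Writers that legitimately populate System32; anything else is suspect
SYSTEM32_WRITERS = {"tiworker.exe", "trustedinstaller.exe", "msiexec.exe",
                    "svchost.exe"}

WINWORD = "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
POWERSHELL = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

# Constructed events: a benign chain (explorer -> chrome, svchost network)
# and one chain shaped like the report's three signatures.
EVENTS = [
    {"id": 1, "pid": 3000,
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"id": 3, "pid": 1100, "image": "C:\\Windows\\System32\\svchost.exe",
     "dest_host": "update.microsoft.com", "dest_port": 443},
    {"id": 1, "pid": 4100, "image": WINWORD,
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"id": 1, "pid": 4220, "image": POWERSHELL, "parent_image": WINWORD,
     "cmdline": "powershell -WindowStyle Hidden -EncodedCommand (constructed)"},
    {"id": 3, "pid": 4220, "image": POWERSHELL,
     "dest_host": "reklamdasiniz.com", "dest_port": 80},
    {"id": 11, "pid": 4220, "image": POWERSHELL,
     "target": "C:\\Windows\\System32\\dropped.exe"},  # constructed name
]


def basename(path):
    """Last path component, lower-cased, so rules compare image names only."""
    return path.rsplit("\\", 1)[-1].lower()


def unexpected_child(ev):
    """A document handler spawned a script or LOLBin interpreter."""
    return (ev["id"] == 1
            and basename(ev["parent_image"]) in DOCUMENT_PARENTS
            and basename(ev["image"]) in SCRIPT_CHILDREN)


def blocklisted_network(ev):
    """A process on the network blocklist opened an outbound connection."""
    return ev["id"] == 3 and basename(ev["image"]) in NETWORK_BLOCKLIST


def system32_drop(ev):
    """A file was created under System32 by a writer that is not a known
    installer or servicing component."""
    return (ev["id"] == 11
            and ev["target"].lower().startswith(SYSTEM32)
            and basename(ev["image"]) not in SYSTEM32_WRITERS)


RULES = [
    ("Process spawned unexpected child process", unexpected_child),
    ("Blocklisted process makes network request", blocklisted_network),
    ("Drops file in System32 directory", system32_drop),
]


def evaluate(events):
    """Return (rule_name, pid) for every event that matches a rule."""
    return [(name, ev["pid"])
            for ev in events for name, rule in RULES if rule(ev)]


def correlate(hits):
    """Group hits by pid and keep pids that triggered two or more distinct
    rules: one signature alone is a lead, a chain on one process is an
    incident."""
    by_pid = {}
    for name, pid in hits:
        by_pid.setdefault(pid, set()).add(name)
    return {pid: sorted(names)
            for pid, names in by_pid.items() if len(names) >= 2}


if __name__ == "__main__":
    hits = evaluate(EVENTS)
    for name, pid in hits:
        print(f"pid {pid}: {name}")
    for pid, names in correlate(hits).items():
        print(f"pid {pid} chained {len(names)} signatures -> escalate")
```

On the constructed log the benign chrome and svchost events match nothing, while the PowerShell process spawned by WINWORD trips all three rules and is the only pid the correlation step escalates. The same rules run unchanged over real Sysmon exports once the field names are mapped.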

MITRE ATT&CK Enterprise v15

Tasks