General

  • Target

    871b78f119796ee610a09b3a9cc822b1_JaffaCakes118

  • Size

    61KB

  • Sample

    240531-qcf4lsac77

  • MD5

    871b78f119796ee610a09b3a9cc822b1

  • SHA1

    2ca32ab07dae505ad800d4298b1f6578eab5bdc8

  • SHA256

    1f5d57b0ab061a873279f01685738e025182d1b04b6f92b384439032f4832635

  • SHA512

    2a5239e8b1df0cb2b7c97c8f821f19723ff3bac1809a0e277493555b93d108442a8a695eb575c2576adec036d91a59c346ff7af29ecc72c05dfba1ce6a55f7a4

  • SSDEEP

    1536:1P8h47EAVJEiw1TNDEPE7WMTxdLjfPz+MkwaymTB4Md9ykj:ymgAVSxNl7WIxlj3z+M9/md4qj

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    https://case.gonukkad.com/sys-cache/CjT/
    https://starrcoin.net/wp-admin/YT/
    http://modelaw.devkind.com.au/wp-admin/cvDRmGK/
    http://dprkp.palembang.go.id/sys-cache/7Y4aHw/
    http://completeguideblogging.com/euiot/PAuJG/
    http://qutiche.cn/wp-admin/Q/
    https://shiva-engineering.com/1cj/tKemHV7/
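
The extracted ps1 config carries seven exe.dropper download locations, and the first practical use of such a list is as a hunt set over proxy and DNS logs. The Python below is an added example, not code from the sandbox or from the sample: it turns the page's own URL list into host and path indicators and scans a few proxy log lines that are constructed here for the demonstration (the log format, client addresses and timestamps are made up). Several of the paths sit under wp-admin/ or sys-cache/ on what look like unrelated third-party sites, so the example distinguishes an exact URL hit from a host-only hit; the latter is a lead to review rather than a verdict on the host.

```python
from urllib.parse import urlsplit

# The seven exe.dropper URLs from the extracted config, copied verbatim.
DROPPER_URLS = [
    "https://case.gonukkad.com/sys-cache/CjT/",
    "https://starrcoin.net/wp-admin/YT/",
    "http://modelaw.devkind.com.au/wp-admin/cvDRmGK/",
    "http://dprkp.palembang.go.id/sys-cache/7Y4aHw/",
    "http://completeguideblogging.com/euiot/PAuJG/",
    "http://qutiche.cn/wp-admin/Q/",
    "https://shiva-engineering.com/1cj/tKemHV7/",
]


def to_indicators(urls):
    """Split each URL into a host (matches DNS and proxy logs on its own) and a
    directory path (kept separately so an exact hit can be told from a host hit)."""
    indicators = []
    for url in urls:
        parts = urlsplit(url)
        path = parts.path if parts.path.endswith("/") else parts.path + "/"
        indicators.append({"url": url, "host": parts.hostname.lower(), "path": path})
    return indicators


def classify_request(host, path, indicators):
    """'url' for host+path under a listed dropper directory, 'host' when only the
    host matches (a host-only hit is a lead to review, not a verdict, since the
    host may be an otherwise legitimate site), None otherwise."""
    host = host.lower()
    for ind in indicators:
        if ind["host"] == host:
            return "url" if path.startswith(ind["path"]) else "host"
    return None


# Constructed proxy log (not from the report): time client method url status bytes.
PROXY_LOG = """\
2024-06-03T09:12:41Z 10.0.0.15 GET http://qutiche.cn/wp-admin/Q/ 200 61440
2024-06-03T09:12:42Z 10.0.0.15 GET https://www.example.com/ 200 5120
2024-06-03T09:14:07Z 10.0.0.22 GET http://dprkp.palembang.go.id/ 200 18000
2024-06-03T09:15:30Z 10.0.0.15 GET https://starrcoin.net/wp-admin/YT/ 404 512
"""


def scan_proxy_log(log_text, indicators):
    """Return (line_no, kind, client, host) for every request that touches a
    listed host. A 404 still counts: the client attempted the download."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        parts = urlsplit(fields[3])
        kind = classify_request(parts.hostname or "", parts.path, indicators)
        if kind:
            hits.append((line_no, kind, fields[1], parts.hostname))
    return hits


if __name__ == "__main__":
    inds = to_indicators(DROPPER_URLS)
    for hit in scan_proxy_log(PROXY_LOG, inds):
        print(hit)
```

Hunt and block on all seven entries rather than the first one only, and treat a non-200 status as an attempt worth triaging: the request shows the dropper ran on that client even if the download failed.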

Targets

    • Target

      sample

    • Size

      157KB

    • MD5

      07541823190d022e1a1136ded8f06fa3

    • SHA1

      83c4da7f699f80abb815c25677585e891a60a1ff

    • SHA256

      9125706ef9bf6b56ee381a86a48c2c6db5aca9a2ccf49ec1ccb2682c3257966b

    • SHA512

      d5547163c074e986efe32b9f7d071769dcdebf2a532f22b36df66a5e96bb4c1b7611d82bfe505990dddc48e48a3bebe36aac911a84fd3070d7651af7115ddf5e

    • SSDEEP

      1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a99lJiMV:1rfrzOH98ipgbYMV

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
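
The three signatures above describe one process-tree pattern: a parent that has no business launching a script host does so, that child reaches out to the network, and it writes under System32. The Python below is an added example, not the sandbox's own signature logic, that expresses the three checks over Sysmon-style process-create, network-connect and file-create events and then correlates them along the process lineage so the alert fires on the chain rather than on any single event. Everything in it is an assumption for illustration: the events are constructed, the report does not name the parent process (an Office parent is assumed here), "blocklisted process" is modelled as a set of script hosts, and the trusted-writer list for System32 is a placeholder.

```python
# Vocabularies assumed for this example; the report does not publish its own lists.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
TRUSTED_SYSTEM32_WRITERS = {"msiexec.exe", "tiworker.exe", "trustedinstaller.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed Sysmon-style events (eid 1 = process create, 3 = network connect,
# 11 = file create). Illustrative only; the Office parent and the dropped
# filename are assumptions, the contacted host is one from the extracted config.
EVENTS = [
    {"eid": 1, "pid": 4012, "ppid": 2200, "image": WINWORD, "parent_image": EXPLORER},
    {"eid": 1, "pid": 5120, "ppid": 4012, "image": PWSH, "parent_image": WINWORD},
    {"eid": 3, "pid": 5120, "image": PWSH, "dest_host": "qutiche.cn", "dest_port": 80},
    {"eid": 11, "pid": 5120, "image": PWSH, "target": r"C:\Windows\System32\dropped.exe"},
    # Benign noise: a browser started from the desktop, and an installer writing to System32.
    {"eid": 1, "pid": 7000, "ppid": 2200, "image": CHROME, "parent_image": EXPLORER},
    {"eid": 3, "pid": 7000, "image": CHROME, "dest_host": "example.com", "dest_port": 443},
    {"eid": 11, "pid": 3300, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"C:\Windows\System32\vendor.dll"},
]


def basename(path):
    """Lower-cased file name of a Windows path; tolerant of forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def run_rules(events):
    """The three sandbox signatures as per-event checks. Returns (rule, pid) pairs."""
    findings = []
    for e in events:
        img = basename(e["image"])
        if e["eid"] == 1 and basename(e.get("parent_image", "")) in OFFICE_HOSTS \
                and img in SCRIPT_HOSTS:
            findings.append(("unexpected_child", e["pid"]))        # office -> script host
        elif e["eid"] == 3 and img in SCRIPT_HOSTS:
            findings.append(("blocklisted_network", e["pid"]))     # script host talks out
        elif e["eid"] == 11 and e["target"].lower().startswith(SYSTEM32) \
                and img not in TRUSTED_SYSTEM32_WRITERS:
            findings.append(("system32_drop", e["pid"]))           # write under System32
    return findings


def chain_alerts(events, findings, min_rules=2):
    """Anchor on each unexpected child and gather every rule fired by that process
    or its descendants, so the alert is on the chain, not on one noisy event."""
    parent = {e["pid"]: e["ppid"] for e in events if e["eid"] == 1}

    def descends_from(pid, anchor):
        seen = set()
        while pid in parent and pid not in seen:
            if pid == anchor:
                return True
            seen.add(pid)
            pid = parent[pid]
        return pid == anchor

    alerts = {}
    for rule, pid in findings:
        if rule != "unexpected_child":
            continue
        rules = {r for r, p in findings if descends_from(p, pid)}
        if len(rules) >= min_rules:
            alerts[pid] = sorted(rules)
    return alerts


if __name__ == "__main__":
    found = run_rules(EVENTS)
    print(found)
    print(chain_alerts(EVENTS, found))
```

On its own the network rule is noisy (administrative PowerShell reaches the network all day), which is why the chain anchors on the unexpected-child event and only then counts the other two; raising min_rules trades recall for precision.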

MITRE ATT&CK Enterprise v15

Tasks