General

  • Target

    88e40ba1cc32d23b2385787fbc704f22_JaffaCakes118

  • Size

    159KB

  • Sample

    240601-a38csabf2z

  • MD5

    88e40ba1cc32d23b2385787fbc704f22

  • SHA1

    f27611ace71871ba1cd9af5e970c8f8b0b1f1637

  • SHA256

    14440483c16de45c1110dc63ea98ca678597fb61def2073ba48d3a8f5443f638

  • SHA512

    41b959f57f409198ef996360f37e27e32432087c6a045efe9ab44e76788e2b0b93af321e15de5750c80f080bbfbd4d7f426ef936732c826a6eb564dc9db9f83b

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9ALln2/5Ce:9rfrzOH98ipgcL05Ce

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      88e40ba1cc32d23b2385787fbc704f22_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
