General

  • Target

    8912b50be830b8195cbb2c256c46548c_JaffaCakes118

  • Size

    158KB

  • Sample

    240601-ckjb2seb6v

  • MD5

    8912b50be830b8195cbb2c256c46548c

  • SHA1

    24fa07a55baf910692347a353c7eedf1d735f2cd

  • SHA256

    c3398d0143d68598160025f752138b7d986b35d277e83d05c6afeca8f7cced55

  • SHA512

    f6f9a6e9c25b6394f4323135eef921dda37483a658fac7c7c64900a57e6e04e3df71c1a7d533720412abf8e59307ffab54403c10ef2710271b7299708b006ea2

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9xxRiqLE8ct2PU7eXKSSxH5ppJxQFWp:+0rfrzOH98ipg5kJxQFWp

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
