General

  • Target

    92a263d42588a24629d98aa5527e5402_JaffaCakes118

  • Size

    201KB

  • Sample

    240603-v7qzhsfb23

  • MD5

    92a263d42588a24629d98aa5527e5402

  • SHA1

    9693dab1efede5ed922d33bd2830db3002ab6d71

  • SHA256

    f378d52ca240609ddf42cfd7fe5f3c83ed70ce0e560a3e669e0e8c229a9c1f28

  • SHA512

    28ffbce82c61cf9d53266a48d65288f1950948dabd3aa89e735ddce0fbfdb1acef7ff169dcfa77408e8b564f365cac27c381203fc625026c45fda809dcf4a920

  • SSDEEP

    3072:E4PrXcuQuvpzm4bkiaMQgAlS6TisQKz3wGB/TOk/ziEw01:ZDRv1m4bnQgISM/3wGB/TOk+Ew01

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
