General

  • Target: 93313638b2b9b629f12440fb73b25b74_JaffaCakes118
  • Size: 214KB
  • Sample: 240604-a739magb75
  • MD5: 93313638b2b9b629f12440fb73b25b74
  • SHA1: e0244eecce6069eb61faadc392a74138828936db
  • SHA256: 306d435e7144e90ac64d022d1aba40808a9b00583cb0c1f22750a430fc9b8ba3
  • SHA512: 21086aa3ce0c7d6e263b30210f335b121ac1b61813c5c555a790206e16b44e408f14f1ff513a817d1407015765abd2046bf46f6659997736c447262c3c3117e4
  • SSDEEP: 1536:2B445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ55+a9dkLShGkVAelnXo:222TWTogk079THcpOu5UZ4WhGMln4T

Score
10/10

Malware Config

Extracted

Language: ps1

Source URLs:

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks