Overview

overview

10

Static

static

8

95726dabe6...18.doc

windows7-x64

10

95726dabe6...18.doc

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    95726dabe65e22a8fc5b1f688f9b6961_JaffaCakes118

  • Size

    210KB

  • Sample

    240604-tgq16acc6t

  • MD5

    95726dabe65e22a8fc5b1f688f9b6961

  • SHA1

    75fec05182f1e410207bd4034188a0d7c1a2c558

  • SHA256

    a783eae8dc2e2d6cf06971b0229c70d3b8879a725db369f97d35c6c3b48f59f4

  • SHA512

    21982be1325ee07ed6cf9e8b62b6fcbac1bd1f4101f8d373b40c0322451a42072a62942baee3bc88faa9ed5b48f7f467d1115faeef8417f18a38d7d624ebb4ba

  • SSDEEP

    3072:0P22TWTogk079THcpOu5UZwN5kmcB/YNYxgU:E/TX07hHcJQOe0eD

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://waytoger.com/wp-admin/w/
exe.dropper

https://jaguarssus.xyz/wp-admin/GfU/
exe.dropper

https://learnkalmar.com/wp-includes/VSZ/
exe.dropper

http://tiendapablus.net/cgi-bin/SIr/
exe.dropper

https://prsaze.com/wp-admin/7a/
exe.dropper

https://www.campuscamarafp.com/wp-admin/N/
exe.dropper

https://infolockerz.com/wp-content/x/

Targets

    • Target

      95726dabe65e22a8fc5b1f688f9b6961_JaffaCakes118

    • Size

      210KB

    • MD5

      95726dabe65e22a8fc5b1f688f9b6961

    • SHA1

      75fec05182f1e410207bd4034188a0d7c1a2c558

    • SHA256

      a783eae8dc2e2d6cf06971b0229c70d3b8879a725db369f97d35c6c3b48f59f4

    • SHA512

      21982be1325ee07ed6cf9e8b62b6fcbac1bd1f4101f8d373b40c0322451a42072a62942baee3bc88faa9ed5b48f7f467d1115faeef8417f18a38d7d624ebb4ba

    • SSDEEP

      3072:0P22TWTogk079THcpOu5UZwN5kmcB/YNYxgU:E/TX07hHcJQOe0eD

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks