Overview

overview

10

Static

static

8

96b2db5c78...18.doc

windows7-x64

10

96b2db5c78...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96b2db5c78b44df39dc9e5e9f0bc6d03_JaffaCakes118

  • Size

    176KB

  • Sample

    240605-abgqragf57

  • MD5

    96b2db5c78b44df39dc9e5e9f0bc6d03

  • SHA1

    60aac296a751c4ca26784bf09c13f0a1feb27b1a

  • SHA256

    2111e686944a54f955abb3629f1c0ea08c05a3f1dd451181a8612dbcf4e25cc6

  • SHA512

    2d736a43fef03d0fd51a72329c0e430a1c3d576f7cfee8ee08a1bf83112d1933a362f4371c4a65ecf51ffb5a558d00beee5a6cad5d8cd9dae506e44f6d4049fa

  • SSDEEP

    1536:trdi1Ir77zOH98Wj2gpngx+a97GmLtHAL:trfrzOH98ipg/FAL

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://haikouweixun.com/jn5/Rbp/
exe.dropper

http://carolinacanullo.com/js/hllPT/
exe.dropper

http://megasolucoesti.com/R9KDq0O8w/B3KqPpe/
exe.dropper

http://www.insulution.org/wp-admin/swift/swift/y318LGM/
exe.dropper

http://petafilm.com/calendar/6kOpwrt/
exe.dropper

https://dev.contractdevs.co.uk/hbbny/Kv9/
exe.dropper

http://blog.penmman.com/wp-content/uploads/1ECbn9K/

Targets

    • Target

      96b2db5c78b44df39dc9e5e9f0bc6d03_JaffaCakes118

    • Size

      176KB

    • MD5

      96b2db5c78b44df39dc9e5e9f0bc6d03

    • SHA1

      60aac296a751c4ca26784bf09c13f0a1feb27b1a

    • SHA256

      2111e686944a54f955abb3629f1c0ea08c05a3f1dd451181a8612dbcf4e25cc6

    • SHA512

      2d736a43fef03d0fd51a72329c0e430a1c3d576f7cfee8ee08a1bf83112d1933a362f4371c4a65ecf51ffb5a558d00beee5a6cad5d8cd9dae506e44f6d4049fa

    • SSDEEP

      1536:trdi1Ir77zOH98Wj2gpngx+a97GmLtHAL:trfrzOH98ipg/FAL

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks