General

  • Target

    96d6c6bff39b4bdab9f5f111eeb568a5_JaffaCakes118

  • Size

    149KB

  • Sample

    240605-bdyygshd4v

  • MD5

    96d6c6bff39b4bdab9f5f111eeb568a5

  • SHA1

    588e3e7009af2aa4110fa90eddf6a2eb930042cc

  • SHA256

    616b3634b06ebfcbeafec931856cf7455e3e8bc1c9dcd964e5b8a441aa3511bc

  • SHA512

    0ad5a9825e4f9d3721be0ce743f27e6707ecd7e54de1a33e616d43d118f47e6dc3d26942ed13463a4d0094ac35c894a867d3b3a98ccd092d455129b63bf5ff8d

  • SSDEEP

    3072:cHzxfmNGf4Y1Kol0U3GaMEfffffffff09HJd4NtgIqz0:cHtfmNGfHKouHEfffffffffSpSNtgI60

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    http://jpwoodfordco.com/admin/sDs/
    http://luzzeri.com/wp-includes/o9G/
    http://matadebenfica.com/permanente/u/
    https://hapyc.com/wp-content/s/
    https://zycccccc.top/wp-content/lx3/
    https://dezurve.sa/webmail/installer/mqi/
    http://swiftlogisticseg.com/wp-admin/7/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
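The three signatures above describe the classic macro-dropper chain: an Office process spawns a script host, and that script host fetches the payload from one of the configured URLs in turn. The following is an added example (not code from the sandbox or from the sample) of how a detection engineer would encode that chain over endpoint telemetry. The download URLs are the seven listed in the Malware Config section; the event records, field names (`parent_image`, `image`, `dest_host`, `command_line`) and the process names in `OFFICE_PARENTS` / `SCRIPT_HOSTS` are constructed assumptions modelled on Sysmon-style process-creation and network-connection events, not data from this report.

```python
"""Detection for the Office -> script host -> payload download chain.

Added example for this report; not the sandbox's or the sample's code.
The URL list is taken from the report's Malware Config section, everything
else (event shape, sample events, process allow/deny sets) is constructed.
"""
from urllib.parse import urlsplit

# Download URLs exactly as listed in the extracted config (exe.dropper).
DROPPER_URLS = [
    "http://jpwoodfordco.com/admin/sDs/",
    "http://luzzeri.com/wp-includes/o9G/",
    "http://matadebenfica.com/permanente/u/",
    "https://hapyc.com/wp-content/s/",
    "https://zycccccc.top/wp-content/lx3/",
    "https://dezurve.sa/webmail/installer/mqi/",
    "http://swiftlogisticseg.com/wp-admin/7/",
]

# Assumed sets of document-handling parents and script hosts to watch.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "cmd.exe"}


def dropper_hosts(urls=DROPPER_URLS):
    """Hostnames to block or hunt for, derived from the config URLs."""
    return {urlsplit(u).hostname.lower() for u in urls}


def defang(url: str) -> str:
    """Render a URL safe to paste into tickets/reports (hxxp, [.])."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events, hosts=None):
    """Return alert tuples for the dropper chain seen in a list of events.

    process_create: Office parent spawning a script host (signature 1).
    network_connect: any process reaching a configured dropper host, or a
    script host making any outbound request at all (signature 2).
    """
    hosts = hosts if hosts is not None else dropper_hosts()
    alerts = []
    for ev in events:
        if ev["event"] == "process_create":
            parent, child = basename(ev["parent_image"]), basename(ev["image"])
            if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
                alerts.append(("office_spawned_script_host", parent, child,
                               ev["command_line"]))
        elif ev["event"] == "network_connect":
            image, dest = basename(ev["image"]), ev["dest_host"].lower()
            if dest in hosts:
                alerts.append(("contact_with_dropper_host", image, dest))
            elif image in SCRIPT_HOSTS:
                alerts.append(("script_host_network_request", image, dest))
    return alerts


# Constructed telemetry: one benign browser connection plus the dropper chain.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"event": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "image": WORD, "command_line": "WINWORD.EXE /n invoice.doc"},
    {"event": "process_create", "parent_image": WORD, "image": PS,
     "command_line": "powershell -w hidden -enc <constructed>"},
    {"event": "network_connect", "image": PS, "dest_host": "jpwoodfordco.com"},
    {"event": "network_connect", "image": PS, "dest_host": "hapyc.com"},
    {"event": "network_connect",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.org"},
]

if __name__ == "__main__":
    for url in DROPPER_URLS:
        print("IOC:", defang(url))
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

The network rule is deliberately two-tiered: a hit on one of the configured hosts is high confidence on its own, while a bare script-host request is a weaker signal that mirrors the sandbox's "blocklisted process makes network request" verdict and needs the parent-spawn alert alongside it before paging anyone. Because the dropper walks its URL list until one download succeeds, expect several host hits from the same PowerShell instance within seconds; correlating on the process rather than on individual connections keeps that to one incident.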

MITRE ATT&CK Enterprise v15