General

  • Target: 99b145c3c1e66c8a9ab3b22cbcf90945_JaffaCakes118
  • Size: 176KB
  • Sample: 240606-bmrwjade2w
  • MD5: 99b145c3c1e66c8a9ab3b22cbcf90945
  • SHA1: 44b2024e31461ef5ff9a67fedad8d346bb693366
  • SHA256: ee811cdfd43ecaeeeaa64d3ce8c80c91740d968333e17fec9cca54341338c471
  • SHA512: 8b9485ba8719ada06bdc1b3ee240ea006678d747cc84c7658c3a264b27f2f29610027fd02dfcd724093e7e408bb2fc75cc843d16127e80ecc2e9aed90f2a0c05
  • SSDEEP: 1536:trdi1Ir77zOH98Wj2gpngx+a9IGmLtHcZ:trfrzOH98ipgOFcZ

Score: 10/10

Malware Config (extracted)

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
