General

  • Target

    9c5f9dc0e3face37a2c84bd11af4a56f_JaffaCakes118

  • Size

    190KB

  • Sample

    240610-31amyswbqe

  • MD5

    9c5f9dc0e3face37a2c84bd11af4a56f

  • SHA1

    cf3045b25e8c182245da6b599c50e5abc09a8b70

  • SHA256

    37e160826469f43f38690f2a097190027c40e8d072c192c2dc36ac96a3855ca8

  • SHA512

    ca061f7cec4bc0c995f0839fb85d59afdf60e4c2a39bba3c06983ddfc29d36f22ae83db05b3cab0e2f30ee3d17183d3bddeefd8f0222be19a91d98e455827f09

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZxNu81zUz4LKhB:E/TX07hHcJQjuezUELCB

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://minershallmuseum.com/documents/D/
    http://injazjordan.com/moodle/Vh/
    https://site1.xyz/wp-admin/Y/
    http://2bstone.com/vr7tf0c/ZD/
    http://biology-360.com/wp-admin/hv/
    http://tez-tour.site/wp-content/9sB/
    http://iooe.cn/wp-content/hdO/
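The seven exe.dropper URLs above are the actionable indicators from this config. Below is an added hunting example (not part of the sandbox report) that matches proxy log lines against them, distinguishing a full URL match from a host-only match, and defangs them for sharing. The log format and the sample log lines are constructed for illustration; only the URL list is taken from the extracted config.

```python
"""Match proxy log lines against the dropper URLs extracted from this sample.

Added example for this report; the URL list is copied from the extracted config
above, while the log format and the log lines themselves are constructed for
illustration and are not from the sandbox run.
"""
from urllib.parse import urlsplit

# exe.dropper URLs from the extracted ps1 config.
DROPPER_URLS = [
    "http://minershallmuseum.com/documents/D/",
    "http://injazjordan.com/moodle/Vh/",
    "https://site1.xyz/wp-admin/Y/",
    "http://2bstone.com/vr7tf0c/ZD/",
    "http://biology-360.com/wp-admin/hv/",
    "http://tez-tour.site/wp-content/9sB/",
    "http://iooe.cn/wp-content/hdO/",
]

# Constructed proxy log: '<timestamp> <client_ip> <method> <url> <status>'.
SAMPLE_PROXY_LOG = [
    "2024-06-10T03:31:02Z 10.0.0.23 GET http://injazjordan.com/moodle/Vh/ 200",
    "2024-06-10T03:31:05Z 10.0.0.23 GET https://site1.xyz/wp-admin/Y/update.exe 404",
    "2024-06-10T03:32:10Z 10.0.0.41 GET http://biology-360.com/about/ 200",
    "2024-06-10T03:33:00Z 10.0.0.52 GET https://example.com/ 200",
]


def defang(url):
    """Render a URL non-clickable (hxxp://host[.]tld/...) for tickets and reports."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    return f"{scheme}://{p.hostname.replace('.', '[.]')}{p.path}"


def build_indicators(urls):
    """Map each hostname (lower-cased) to the dropper path prefixes seen under it."""
    indicators = {}
    for url in urls:
        p = urlsplit(url)
        indicators.setdefault(p.hostname.lower(), []).append(p.path)
    return indicators


def classify(url, indicators):
    """'url' if host and path prefix both match, 'host' if only the host does, else None.

    The path prefix is matched, not the exact URL, because the dropper fetches a
    directory URL and the served file name is not fixed.
    """
    p = urlsplit(url)
    prefixes = indicators.get((p.hostname or "").lower())
    if prefixes is None:
        return None
    return "url" if any(p.path.startswith(pre) for pre in prefixes) else "host"


def hunt(log_lines, urls=DROPPER_URLS):
    """Return (client_ip, url, level) for every log line that touches an indicator."""
    indicators = build_indicators(urls)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line in the assumed format; skip rather than guess
        _ts, client, _method, url, _status = fields[:5]
        level = classify(url, indicators)
        if level:
            hits.append((client, url, level))
    return hits


if __name__ == "__main__":
    for client, url, level in hunt(SAMPLE_PROXY_LOG):
        print(f"{level:4} {client} {defang(url)}")
```

A host-only hit is a lead, not a confirmed contact: the paths under wp-admin, wp-content and moodle suggest these are ordinary third-party sites serving the payload from a planted directory, so other traffic to the same host may be benign. Triage host-level hits by client and timing before blocking a whole domain.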

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro, e.g. a document viewer or Office application launching a script host. Consistent with the extracted ps1 dropper config, which PowerShell would execute.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist (typically a script host or other living-off-the-land binary) initiated a network connection; consistent with the dropper attempting to fetch its payload from the URLs listed under Malware Config.

    • Drops file in System32 directory

      A file was written under %SystemRoot%\System32, where legitimate software rarely writes outside installation or servicing. Check which process wrote it and whether the file was subsequently executed.
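The three signatures above, expressed as detection logic over endpoint telemetry, as an added example that is not the sandbox's own rule set. The event layout (one dict per event carrying event, image, parent_image and dest or target, loosely modelled on Sysmon event IDs 1, 3 and 11), the blocklist contents and SAMPLE_EVENTS are assumptions constructed for illustration, not telemetry from this run.

```python
"""Evaluate the three behavioural signatures from the report against process telemetry.

Added example, not the sandbox's own rules. The event shape is an assumption
modelled loosely on Sysmon event IDs 1 (process create), 3 (network connect)
and 11 (file create); SAMPLE_EVENTS is constructed and not from the run.
"""
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts and LOLBins a sandbox would blocklist for outbound connections (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"

PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
WORD = "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"

# Constructed telemetry: an Office app launches PowerShell, which calls out and writes to System32.
SAMPLE_EVENTS = [
    {"event": "process_create", "image": WORD, "parent_image": "C:\\Windows\\explorer.exe"},
    {"event": "process_create", "image": PS, "parent_image": WORD},
    {"event": "network_connect", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "dest": "example.com:443"},
    {"event": "network_connect", "image": PS, "dest": "injazjordan.com:80"},
    {"event": "file_create", "image": "C:\\Windows\\System32\\svchost.exe",
     "target": "C:\\Windows\\System32\\LogFiles\\WMI\\trace.etl"},
    {"event": "file_create", "image": PS, "target": "C:\\Windows\\System32\\dropped.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path; works on any host OS via ntpath."""
    return ntpath.basename(path or "").lower()


def evaluate(events):
    """Return (signature, detail) tuples for every event matching one of the three rules."""
    findings = []
    for e in events:
        kind = e.get("event")
        image = basename(e.get("image"))
        parent = basename(e.get("parent_image"))
        if kind == "process_create" and parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            findings.append(("Process spawned unexpected child process", f"{parent} -> {image}"))
        elif kind == "network_connect" and image in SCRIPT_HOSTS:
            findings.append(("Blocklisted process makes network request", f"{image} -> {e.get('dest')}"))
        elif kind == "file_create":
            target = (e.get("target") or "").lower()
            # Binaries living under C:\Windows (servicing, svchost) may legitimately write to
            # System32; a script host is never trusted for that even though it lives there too.
            trusted_writer = (e.get("image") or "").lower().startswith(WINDIR) and image not in SCRIPT_HOSTS
            if target.startswith(SYSTEM32) and not trusted_writer:
                findings.append(("Drops file in System32 directory", f"{image} wrote {e.get('target')}"))
    return findings


if __name__ == "__main__":
    for signature, detail in evaluate(SAMPLE_EVENTS):
        print(f"{signature}: {detail}")
```

The System32 rule as written will also fire on third-party installers running from a user profile, so in production it should be joined with signer or parent-chain context; the value of the three rules here is that together they reproduce the chain the report scores, an Office parent, a script-host child, an outbound request and a dropped file.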

MITRE ATT&CK Enterprise v15

Tasks