General

  • Target

    9d3555fbc0790bcb137842edebf72fb8_JaffaCakes118

  • Size

    178KB

  • Sample

    240611-gqrb3axenk

  • MD5

    9d3555fbc0790bcb137842edebf72fb8

  • SHA1

    fa5aa3b117b2c36b3471eddd5859fdbf57b9ded1

  • SHA256

    b7ab0140593cce2c84d75526697a47affca87f3f9509235a1d0c1dfb70ea5ea8

  • SHA512

    aeb73f816d57b8624d7d430c19022352b6f35a8d8cbff4b481784a074df8942789cf5380977d4105d812b97ab50a948001b2d2d05a206f1da43f0b9608543897

  • SSDEEP

    3072:/77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qgKAvXXjXoIcq+eVuY3SW85r:/77HUUUUUUUUUUUUUUUUUUUT52VDvXDC

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://sukuntextile.com/wp_old/v_N/
    http://www.astoriadrycleaning.com.sg/wp-content/S_4v/
    http://d1mension-capitaland.vn/wp-admin/Dm_C/
    http://xn--80ajoksa8ap9b.xn--p1ai/administrator/r4_iG/
    http://e3consulting.co.me/blogs/e9_6/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks