General

  • Target

    9fda21c45e1025ddf41a8d82932c4bc2_JaffaCakes118

  • Size

    159KB

  • Sample

    240612-hzcqpstflj

  • MD5

    9fda21c45e1025ddf41a8d82932c4bc2

  • SHA1

    96df1dc9e84c0e4a4e80e523eb390dffccece2a9

  • SHA256

    3d52c20a70931b0dad6b515cf881dadc3b897464fb960921b93ff654f04e1af0

  • SHA512

    463a23b774630c6f27fd53c9e0460cf49eca8b408d4f126d6c92e2228c577442e6351dcaf4bb6b9472721e36aca6f28223e58b489d0e4c439bccb904860f7ef8

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9bxRiqLE8ct2PU7eXKSSxH5ppJxIFWZ:+0rfrzOH98ipgbkJxIFWZ

Score
10/10

Malware Config

  Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

    http://77yxx.com/b5rh/bZxS/
    http://shahramookht.com/t1k12k7t/8jq/
    http://www.aciitaly.com/adminer-master/gkI/
    https://codelta.es/images/9S35FR/
    https://burstoutloud.com/PPL/Hf/
    https://targetin.com/Silder-1/naK/
    http://dbestfishing.com.sg/67s/wfe/

Targets

    • Target

      9fda21c45e1025ddf41a8d82932c4bc2_JaffaCakes118

    • Size

      159KB

    • MD5

      9fda21c45e1025ddf41a8d82932c4bc2

    • SHA1

      96df1dc9e84c0e4a4e80e523eb390dffccece2a9

    • SHA256

      3d52c20a70931b0dad6b515cf881dadc3b897464fb960921b93ff654f04e1af0

    • SHA512

      463a23b774630c6f27fd53c9e0460cf49eca8b408d4f126d6c92e2228c577442e6351dcaf4bb6b9472721e36aca6f28223e58b489d0e4c439bccb904860f7ef8

    • SSDEEP

      1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9bxRiqLE8ct2PU7eXKSSxH5ppJxIFWZ:+0rfrzOH98ipgbkJxIFWZ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
