General

  • Target: a4d4d01a3ae8bcb57903e4429838c9f1_JaffaCakes118
  • Size: 171KB
  • Sample: 240613-lcpzaswgnq
  • MD5: a4d4d01a3ae8bcb57903e4429838c9f1
  • SHA1: 87eddd4bdb33ba4da68a3afb6dca5f4a50597c4e
  • SHA256: 5d405365644b1fe72cf334ce68fed86b295cff563010c02d0035a001fea71ce6
  • SHA512: 838c527c80fd94c36a0b072ad894f67978ca9ee64a13952c2aafb09b6705a015679724877b57ca8b00fab64e3e00e44c6cfe8eb7275c5b8754818538a11fcc73
  • SSDEEP: 3072:S4PrXcuQuvpzm4bkiaMQgAlSs5RA+0wk3RQ:TDRv1m4bnQgISsrAdwk3RQ

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (type: exe.dropper)
      • http://eldiosstore.com/css/qpfv_e_y3lk0sp6i/
      • http://luckyme247.com/wp-admin/qawpw_v1_ghe1wmzxzc/
      • http://vandamebuilders.com/wp-admin/e2ky_18j8_wn4v/
      • http://deservingveterans.com/wp-admin/fy_4bqe_zu6ew/
      • http://csmbuildersllc.com/wp-admin/teqvm_n0yai_84/

Targets

    • Target: a4d4d01a3ae8bcb57903e4429838c9f1_JaffaCakes118
    • Size: 171KB
    • MD5: a4d4d01a3ae8bcb57903e4429838c9f1
    • SHA1: 87eddd4bdb33ba4da68a3afb6dca5f4a50597c4e
    • SHA256: 5d405365644b1fe72cf334ce68fed86b295cff563010c02d0035a001fea71ce6
    • SHA512: 838c527c80fd94c36a0b072ad894f67978ca9ee64a13952c2aafb09b6705a015679724877b57ca8b00fab64e3e00e44c6cfe8eb7275c5b8754818538a11fcc73
    • SSDEEP: 3072:S4PrXcuQuvpzm4bkiaMQgAlSs5RA+0wk3RQ:TDRv1m4bnQgISsrAdwk3RQ

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks