Overview

overview

10

Static

static

8

abc30092aa...18.doc

windows7-x64

10

abc30092aa...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abc30092aa7f11a4956008b791562f89_JaffaCakes118

  • Size

    152KB

  • Sample

    240614-2c9xgasdnm

  • MD5

    abc30092aa7f11a4956008b791562f89

  • SHA1

    65b8963cd65a211eaa837094344bb8b239c275d3

  • SHA256

    a918b268968b5a10adab11be7cccc5d1993e3bb2fd81b1bff64d3351fe6b0d01

  • SHA512

    a611dcbc513b72a547a94b6ed73e6afc427b9ec8a6fb8e9b5d149d987acaab9d51d6c7e8396a988ca6cb2270b78c0d4175818b8c743edfb6b633b6d0e5d30add

  • SSDEEP

    1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9z7Qb4HrO4urHA:VzrfrzOH98ipgn7I4HrO4urHA

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://cnnmediaservices.com/wp-admin/czBMOhz/
exe.dropper

http://ak3.net/t0XJ/
exe.dropper

http://ovday.com/1umq/S5IWl04/
exe.dropper

http://gch7.com/wp-includes/Nkwp/
exe.dropper

http://chengmikeji.com/wp-includes/9QQ/
exe.dropper

http://blog.anseeing.com/sys-cache/h/
exe.dropper

http://1sync-wp.x.opencrm.eu/wp-content/Bu/

Targets

    • Target

      abc30092aa7f11a4956008b791562f89_JaffaCakes118

    • Size

      152KB

    • MD5

      abc30092aa7f11a4956008b791562f89

    • SHA1

      65b8963cd65a211eaa837094344bb8b239c275d3

    • SHA256

      a918b268968b5a10adab11be7cccc5d1993e3bb2fd81b1bff64d3351fe6b0d01

    • SHA512

      a611dcbc513b72a547a94b6ed73e6afc427b9ec8a6fb8e9b5d149d987acaab9d51d6c7e8396a988ca6cb2270b78c0d4175818b8c743edfb6b633b6d0e5d30add

    • SSDEEP

      1536:VCOIDQhDHR4OIDQhDHRdrdi1Ir77zOH98Wj2gpngB+a9z7Qb4HrO4urHA:VzrfrzOH98ipgn7I4HrO4urHA

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks