General

  • Target

    a7fd9014440311a58c96d4066c7567c3_JaffaCakes118

  • Size

    188KB

  • Sample

    240614-exp2gavdnh

  • MD5

    a7fd9014440311a58c96d4066c7567c3

  • SHA1

    bab3d9574ef168a4a42152c30679dc9e49dda98d

  • SHA256

    f656f7fc2ac175767aea79393803f493b18211403a390c2daf9c5dae720e26e3

  • SHA512

    7875ed62873235a45dc2b49557057bd5654a4c689ad92f2cb56be7a18a42a37690f7f5478d9f0ccd4dca95bddb14bbc5ff5a2b8cf8fa93bdae24b954e559f991

  • SSDEEP

    1536:RGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilATmd8YkYeT/EA8sap8cjufajnR:vrfrzOH98ipgEh58YJ

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper URLs

    http://dtyl.shop/wp-content/W68Nx/
    https://star-speed.vip/wp-admin/U2jRIg/
    https://cshub123.cn/wp-admin/Gajs/
    https://viettellogistics.com.vn/wp-content/oS4/
    http://cococat.se/wp-admin/2Oaf/
    http://andresirjan.ir/wp-admin/JSH/
    https://sptrade.com.br/wp-includes/iFZOvL/

Targets

    • Target

      a7fd9014440311a58c96d4066c7567c3_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks