General

  • Target

    a81dbc8362ec1ae2661d967508f2ccd1_JaffaCakes118

  • Size

    221KB

  • Sample

    240614-fwdsgszfmk

  • MD5

    a81dbc8362ec1ae2661d967508f2ccd1

  • SHA1

    9fd6c7d14d344857726fdb532225e4cec2e45f40

  • SHA256

    48ac9d4cbe603c96770da6fe47ffaf9f077de0eeba0afe7a94c1158cdc4e2c49

  • SHA512

    390c9a14213e733ab14000a53fb7a1c7d8bf02588309311764e0774d04e70ec0c8513b0c0213471bf61e1226ee711c75dac85b5aff7a913c216e29a74be550e3

  • SSDEEP

    3072:b4tcTvjvTY140818tIP4ovp+SGju9jDW1M+7Np3S:EtcnvE140o8tIP4apxjDjm7S

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15