General

  • Target: ad821f45fd37e6c0279201825fd9c863_JaffaCakes118
  • Size: 194KB
  • Sample: 240615-j8pmastekd
  • MD5: ad821f45fd37e6c0279201825fd9c863
  • SHA1: f501d9d9f4ce949dfba08ab988c723bc1661fdfc
  • SHA256: b50d8b3484a8116a3e3c4ede8ba464455431623dcb44c7918cb1b372fae8c046
  • SHA512: 0db4a31cf0ee9f08c9f7482f56934a7141cb9fa3acc7ecf046d7d15fd2242793ee3f81d94b941fa9cfb3bdeaa5eb47d3d1d5a168431062703f52e4aff61ada9e
  • SSDEEP: 1536:DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilqfqdFTaFVT/EA8s9p8cjMfmVSD:+rfrzOH98ipged58cds

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (each entry is of type exe.dropper)
    • http://boys86.com/wp-admin/mO/
    • http://dacyclin.com/3qx/Z/
    • https://fepami.com/wp-includes/oRT/
    • https://xnxxfullhd.com/wp-admin/NAK/
    • https://www.business-management-degree.net/wp-snapshots/W/
    • http://homestay.design/wordpress/M/
    • https://csc-comunity.com/wp-admin/6DW/

Targets

    • Target

      ad821f45fd37e6c0279201825fd9c863_JaffaCakes118

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
