General

  • Target

    b588d945bb78c4e3e7fdd4732909e142_JaffaCakes118

  • Size

    159KB

  • Sample

    240616-2jn9ca1fkh

  • MD5

    b588d945bb78c4e3e7fdd4732909e142

  • SHA1

    25b6a3d4fc55c0840b4ea2b7914000207378c00c

  • SHA256

    793c4468a9e884d73484aa56d9bdde013d34801ae1e8120652713811130e560f

  • SHA512

    1ba2b1a229c9c5c126dcfc86bae39c1ef139afd46b44f63944d0bb93ad22eb5cdcd5bcab563308ddb04986866717ddc5e2e761af17662b48a0a2f816545e943e

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9rLln2/5Xq:9rfrzOH98ipgnL05Xq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    http://wynn838.com/wp-content/enE/
    https://sertres.com/ivmej/p/
    https://viaje-achina.com/wp-admin/aG/
    https://aszcasino.com/aszdemo/AGA/
    https://bintangremaja.com/wp-content/U/
    https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/
    http://hk.olivellaline.com/gbi1e/2/

Targets

    • Target

      b588d945bb78c4e3e7fdd4732909e142_JaffaCakes118

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks