General

  • Target

    01594faac1561417c89b895ef4bdd818_JaffaCakes118

  • Size

    138KB

  • Sample

    240727-2eg98s1hpp

  • MD5

    01594faac1561417c89b895ef4bdd818

  • SHA1

    efb49b43775fccdd9108f5dea3c23b05366d0139

  • SHA256

    80c77811d31daab98c1ec0882d3c59b98ad3faadb511c21e4ac662cb9673e1b2

  • SHA512

    7187407cdeacf37882942acbebb4f7f304d6c3b3dfc505ef6276a61b8183644d913c8a8a9dc0d35ea4c33f9e2114d304166a226e4c42dc4c4159485942301570

  • SSDEEP

    1536:mxRD3bNqfNpu39IId5a6XP3Mg8afyq9Tqc380Y:ER1qf69xak3MgxyMqI80Y

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (type: exe.dropper)

    http://edu.jmsvclass.com/wp-includes/sZmjSq/
    http://darkblessing.net/e4wftkpn/KNAO9/
    http://trancisconsulting.com/wp-admin/EEoF/
    http://devanyastore.com/wp-content/9J56juA/
    http://healthcureathome.com/ALFA_DATA/iKSdCK6/
    http://www.szwymall.com/wp-content/j29mvS/
    http://www.jornco.com/wp-admin/UT0xBJw/
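The seven exe.dropper URLs above are the fallback download locations the PowerShell stage works through until one serves a payload, so the practical use of the list is to block them and to hunt for them in proxy or DNS logs. The Python below is an added example for this report, not code from the sandbox: it normalizes the extracted URLs (lowercase host, leading "www." dropped, trailing slash and query string removed) and matches them by host and path prefix against proxy log lines, so a request for a file beneath a listed directory still hits while the bare parent directory does not. The log line format ("<timestamp> <client_ip> <method> <url> <status>") and the log lines themselves are constructed for the example; the URLs are the ones listed in the config.

```python
"""Hunt for the extracted exe.dropper URLs in web proxy logs.

Added example for this report, not code from the sandbox. The URL list is
the report's extracted config; the log format and log lines are constructed.
"""
from urllib.parse import urlsplit

# The seven exe.dropper URLs from the report's Malware Config block.
DROPPER_URLS = [
    "http://edu.jmsvclass.com/wp-includes/sZmjSq/",
    "http://darkblessing.net/e4wftkpn/KNAO9/",
    "http://trancisconsulting.com/wp-admin/EEoF/",
    "http://devanyastore.com/wp-content/9J56juA/",
    "http://healthcureathome.com/ALFA_DATA/iKSdCK6/",
    "http://www.szwymall.com/wp-content/j29mvS/",
    "http://www.jornco.com/wp-admin/UT0xBJw/",
]


def normalize(url):
    """Return (host, path) in a comparable form.

    Host is lowercased with a leading 'www.' dropped (the dropper list mixes
    both forms); path loses its trailing slash and any query string, so a
    request for a file beneath the listed directory still compares by prefix.
    """
    url = url.strip()
    if "://" not in url:            # some proxies log host/path without a scheme
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    path = parts.path.rstrip("/") or "/"
    return host, path


def build_index(urls):
    """Map host -> list of known dropper paths for that host."""
    index = {}
    for url in urls:
        host, path = normalize(url)
        index.setdefault(host, []).append(path)
    return index


def defang(url):
    """Render a URL safe to paste into tickets and chat (hxxp, [.])."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def match_url(url, index):
    """Return the (host, known_path) the URL hits, or None.

    A request matches when the host is known and the path equals a listed
    path or lies beneath it; the parent directory alone does not match.
    """
    host, path = normalize(url)
    for known in index.get(host, []):
        if path == known or path.startswith(known + "/"):
            return host, known
    return None


# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_LOG = [
    "2024-07-27T10:01:02Z 10.0.0.15 GET http://EDU.jmsvclass.com/wp-includes/sZmjSq/ 404",
    "2024-07-27T10:01:03Z 10.0.0.15 GET https://darkblessing.net/e4wftkpn/KNAO9/payload.bin 200",
    "2024-07-27T10:02:00Z 10.0.0.22 GET http://szwymall.com/wp-content/j29mvS/?id=7 200",
    "2024-07-27T10:03:00Z 10.0.0.30 GET http://edu.jmsvclass.com/wp-includes/ 200",
    "2024-07-27T10:04:00Z 10.0.0.30 GET http://example.org/wp-content/9J56juA/ 200",
]


def scan(lines, urls=DROPPER_URLS):
    """Return (client_ip, host, known_path) for every log line hitting a dropper URL."""
    index = build_index(urls)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue                 # malformed line: skip rather than crash
        hit = match_url(fields[3], index)
        if hit:
            hits.append((fields[1], hit[0], hit[1]))
    return hits


if __name__ == "__main__":
    for url in DROPPER_URLS:
        print("block:", defang(url))
    for client, host, path in scan(SAMPLE_LOG):
        print(f"hit: {client} -> {host}{path}/")
```

Of the five constructed lines, three hit: the upper-cased host, the HTTPS request for a file beneath a listed directory, and the query-string variant on the host logged without "www."; the request for the parent "/wp-includes/" directory and the unrelated host do not. The same path under a different host is deliberately not matched, because the random-looking directory names are per-host and the hosts are compromised sites that will be cleaned and reused.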

Targets

    • Target

      01594faac1561417c89b895ef4bdd818_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
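The first signature is the one worth turning into a detection: a PowerShell dropper delivered this way is launched by an Office application, and an Office process creating a script host is rare in normal use. The Python below is an added example, not the sandbox's own rule: it walks process-creation records in Sysmon Event ID 1 style (ParentImage, Image, CommandLine), alerts when an Office parent spawns a script interpreter or LOLBin, and annotates each alert with coarse command-line markers of a download cradle. The event records, the parent and child lists and the marker strings are all assumptions constructed for this example.

```python
"""Flag Office applications spawning script hosts, as the sandbox signature describes.

Added example, not part of the report. Events are constructed in Sysmon
Event ID 1 style (ParentImage / Image / CommandLine); the lists and the
marker strings below are illustrative, not the sandbox's own rule.
"""
import ntpath

# Parents that should not normally launch a script interpreter or LOLBin.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}

# Children whose appearance under an Office parent is the signal.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}

# Command-line fragments typical of a PowerShell download cradle. Plain
# substring checks are coarse (assumed indicators for this example), so they
# only annotate an alert; the parent/child pair is what raises it.
CRADLE_MARKERS = {
    "encoded_command": ("-enc", "-encodedcommand", "-ec"),
    "hidden_window": ("-w hidden", "-windowstyle hidden"),
    "download": ("downloadfile", "downloadstring", "invoke-webrequest", "net.webclient"),
    "invoke_expression": ("iex", "invoke-expression"),
}


def basename(image):
    """Lowercased file name of a Windows image path (Sysmon logs full paths)."""
    return ntpath.basename(image).lower()


def is_office_spawn(event):
    """True when an Office parent launched one of the watched children."""
    return (basename(event.get("ParentImage", "")) in OFFICE_PARENTS
            and basename(event.get("Image", "")) in SUSPICIOUS_CHILDREN)


def cradle_flags(cmdline):
    """Return the set of marker categories present in the command line."""
    lowered = cmdline.lower()
    return {name for name, needles in CRADLE_MARKERS.items()
            if any(n in lowered for n in needles)}


def analyze(events):
    """Return one alert per Office -> script-host spawn, with cradle markers noted."""
    alerts = []
    for i, ev in enumerate(events):
        if not is_office_spawn(ev):
            continue
        alerts.append({
            "index": i,
            "parent": basename(ev.get("ParentImage", "")),
            "child": basename(ev.get("Image", "")),
            "flags": sorted(cradle_flags(ev.get("CommandLine", ""))),
        })
    return alerts


# Constructed process-creation records.
SAMPLE_EVENTS = [
    {   # Word macro launching a hidden, encoded PowerShell stage
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell -w hidden -enc SQBFAFgA",
    },
    {   # PowerShell from Explorer: a user running a script, not an Office spawn
        "ParentImage": r"C:\Windows\explorer.exe",
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell -File C:\scripts\backup.ps1",
    },
    {   # Excel spawning cmd.exe with no cradle markers: still an alert
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd /c whoami",
    },
    {   # Word spawning the print helper: an expected child, no alert
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "Image": r"C:\Windows\splwow64.exe",
        "CommandLine": "splwow64.exe",
    },
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

Matching on the parent/child pair rather than on command-line content is what makes the rule robust: the command line of the dropper changes from sample to sample and is often encoded, but the process tree does not. The marker categories are there to prioritize, not to decide; an Office parent spawning cmd.exe with a bland command line is still an alert.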

MITRE ATT&CK Enterprise v15

Tasks