General

  • Target: 027648767959b46319208ac1e290b3c0_JaffaCakes118
  • Size: 174KB
  • Sample: 240727-3f1zeaxgjc
  • MD5: 027648767959b46319208ac1e290b3c0
  • SHA1: e1b24c613d4af57e8a25e0d590bce75db693d954
  • SHA256: e56bc063733d1ff4a57a70fa7ba2925de15320cae5a623a2f04fdd771c879f43
  • SHA512: 0c3d12d494d2825c519b710c210ffcd8cd1843b3fae64e011ccc39b371a1cd22522f70e60f7bb938ed77228ff5f2e628aaab9659fed06a4fbbfb85987b0067da
  • SSDEEP: 3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hK7Q8eKU:UBtgVIveNZvnW88xU

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source: exe.dropper
  • URLs:

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks