General

  • Target

    86d26010588c3308ef1ca16b003a5342_JaffaCakes118

  • Size

    171KB

  • Sample

    240810-t25eaasakf

  • MD5

    86d26010588c3308ef1ca16b003a5342

  • SHA1

    2dcc57b9bf845ed2990212ebb14d0ee1bb6dda45

  • SHA256

    054954c8adf177996d7b60d1f0f7490910c3d38ccfa915725432a3702b1fa6c7

  • SHA512

    7a19272496d35cf79273c4bc8be48be091fb14ae0b8a0a793f02d8ee7eb1624e4e66c9309f7db0efdb1d012e282f32ecfac26be4c33dcf7abebfa3427536a89a

  • SSDEEP

    3072:R9ufstRUUKSns8T00JSHUgteMJ8qMD7gZMFESXiNBaZxPIh:R9ufsfgIf0pLKFESXiNIZxQh

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      86d26010588c3308ef1ca16b003a5342_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
