General

  • Target

    96577926d9a0dee9e3c46f032d001646_JaffaCakes118

  • Size

    162KB

  • Sample

    240814-q3gg3avgqh

  • MD5

    96577926d9a0dee9e3c46f032d001646

  • SHA1

    19e8cdd7ee94b899d83347621e1c3f4ce666bcdb

  • SHA256

    62466a8d4f2f6a06c5614c30388f94c5d1a66f11fd1d62fd99f1d8dbf374b006

  • SHA512

    ff0c0a92c915e2397b76125cb0953e341777f03d3a56cd53416095be20459f6b20625bdfdcfec4c1ec911c3d8aa8fdeadbb13fa05eb4389a4d21b2b5bd16a6f7

  • SSDEEP

    1536:EARD3bNqfNpu39IId5a6XP3Mg8afSqv+RyPJoDMXP/5aeLbtHW7DA2j:3R1qf69xak3MgxStWcG5aucfj

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (type: exe.dropper)

    http://wynn838.com/wp-content/Eo/
    http://ottimade.com/wp-content/E/
    https://konican.com/cgi-bin/gz/
    http://glassesnepal.com/gxlaf/tQ6/
    http://kharazmischl.com/w/k/
    https://lojaskock.com.br/BACKUP/AW/
    http://secrice.com/writing/2003/0nI/
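
The seven exe.dropper URLs are the most actionable output of this report. As an added example (not part of the sandbox report), the Python below defangs them for safe sharing, reduces them to a host blocklist, and runs that blocklist over a few constructed proxy log lines. The log layout, client addresses and the non-dropper hosts in the log are assumptions; the URLs themselves are the ones listed above.

```python
"""Turn the report's exe.dropper URL list into IOCs and hunt for them in proxy logs.

Added example for this page, not part of the sandbox report. The URLs come from the
Malware Config section; the proxy log lines below are constructed.
"""
import re
from urllib.parse import urlparse

# Copied from the Malware Config section of the report (type: exe.dropper).
DROPPER_URLS = [
    "http://wynn838.com/wp-content/Eo/",
    "http://ottimade.com/wp-content/E/",
    "https://konican.com/cgi-bin/gz/",
    "http://glassesnepal.com/gxlaf/tQ6/",
    "http://kharazmischl.com/w/k/",
    "https://lojaskock.com.br/BACKUP/AW/",
    "http://secrice.com/writing/2003/0nI/",
]


def defang(url):
    """Rewrite a URL so it cannot be clicked by accident: http -> hxxp, '.' -> '[.]'."""
    return re.sub(r"^http", "hxxp", url).replace(".", "[.]")


def extract_iocs(urls):
    """One record per URL: host, scheme, path and defanged form for a report."""
    records = []
    for url in urls:
        parsed = urlparse(url)
        records.append({
            "url": url,
            "host": parsed.hostname,
            "scheme": parsed.scheme,
            "path": parsed.path,
            "defanged": defang(url),
        })
    return records


def dropper_hosts(urls):
    """Sorted, de-duplicated hosts: the blocklist to push to a proxy or DNS filter."""
    return sorted({urlparse(u).hostname for u in urls})


# Constructed proxy log (Squid access.log-like): epoch client method target status.
# None of these lines come from the report.
PROXY_LOG = """\
1723640001.123 10.0.0.17 GET http://www.example.com/ 200
1723640002.456 10.0.0.23 GET http://wynn838.com/wp-content/Eo/ 200
1723640003.789 10.0.0.23 GET https://konican.com/cgi-bin/gz/ 404
1723640004.000 10.0.0.31 GET http://glassesnepal.com/about/ 200
1723640005.000 10.0.0.17 CONNECT lojaskock.com.br:443 200
"""


def match_proxy_log(log_text, urls):
    """Return hits whose requested host is one of the dropper hosts.

    Matching on host rather than full URL also catches requests to other paths on
    the same compromised site (the GET for /about/ above). CONNECT lines carry
    host:port instead of a URL, so they are split rather than parsed."""
    hosts = set(dropper_hosts(urls))
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of crashing the hunt
        _ts, client, method, target, status = parts[:5]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]
        else:
            host = urlparse(target).hostname
        if host in hosts:
            hits.append({"client": client, "host": host, "target": target, "status": status})
    return hits


if __name__ == "__main__":
    for ioc in extract_iocs(DROPPER_URLS):
        print(ioc["defanged"])
    for hit in match_proxy_log(PROXY_LOG, DROPPER_URLS):
        print("HIT", hit)
```

A 404 from a dropper host (the konican.com line) is still a hit worth triaging: the client reached out to the site, regardless of whether the payload was still being served.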

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
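
The first two signatures describe a parent/child relationship the sandbox did not expect, followed by network activity from the spawned process. The Python below is an added example of how that logic looks over Sysmon-style process-creation and network-connection events; it is not the sandbox's own detection code. The events, the Office parent, the powershell.exe child, the image paths and the expected-children baseline are all constructed assumptions; the only value taken from this report is the wynn838.com dropper host.

```python
"""Detection logic for two of the report's signatures (added example, not from the report):
'Process spawned unexpected child process' and 'Blocklisted process makes network request'.

Events are constructed Sysmon-style records: EventID 1 = process creation,
EventID 3 = network connection. Paths and the baseline below are assumptions.
"""
import ntpath

# Parents with a tightly known set of children; any other child is unexpected.
# Constructed baseline for the example, to be tuned per environment.
EXPECTED_CHILDREN = {
    "winword.exe": {"splwow64.exe", "werfault.exe"},
    "excel.exe": {"splwow64.exe", "werfault.exe"},
    "outlook.exe": {"winword.exe", "excel.exe"},
}

# Script hosts and LOLBins whose outbound connections deserve a high-severity alert
# when the process itself was already flagged. Assumed list.
BLOCKLISTED_NETWORK_IMAGES = {
    "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
}

OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events. The only report-derived value is the wynn838.com host.
EVENTS = [
    {"event_id": 1, "pid": 4100, "image": OFFICE + r"\WINWORD.EXE", "parent_image": r"C:\Windows\explorer.exe"},
    {"event_id": 1, "pid": 4202, "image": r"C:\Windows\splwow64.exe", "parent_image": OFFICE + r"\WINWORD.EXE"},
    {"event_id": 1, "pid": 4188, "image": PS, "parent_image": OFFICE + r"\WINWORD.EXE"},
    {"event_id": 1, "pid": 5010, "image": PS, "parent_image": r"C:\Windows\explorer.exe"},
    {"event_id": 3, "pid": 4100, "image": OFFICE + r"\WINWORD.EXE", "dest_host": "officeclient.microsoft.com", "dest_port": 443},
    {"event_id": 3, "pid": 4188, "image": PS, "dest_host": "wynn838.com", "dest_port": 80},
    {"event_id": 3, "pid": 5010, "image": PS, "dest_host": "internal-repo.corp.example", "dest_port": 443},
]


def image_name(path):
    """Lower-cased file name of a Windows image path (ntpath works on any OS)."""
    return ntpath.basename(path).lower()


def unexpected_children(events):
    """Signature 1: a baselined parent spawned a child outside its expected set."""
    findings = []
    for ev in events:
        if ev["event_id"] != 1:
            continue
        parent = image_name(ev["parent_image"])
        child = image_name(ev["image"])
        allowed = EXPECTED_CHILDREN.get(parent)
        if allowed is not None and child not in allowed:
            findings.append({"pid": ev["pid"], "parent": parent, "child": child})
    return findings


def blocklisted_network_requests(events):
    """Signature 2: a flagged process whose image is blocklisted made a connection.

    Correlating on pid keeps the interactive powershell.exe (pid 5010) out of the
    result: it is blocklisted by image but was not spawned unexpectedly."""
    flagged = {f["pid"] for f in unexpected_children(events)}
    hits = []
    for ev in events:
        if ev["event_id"] != 3 or ev["pid"] not in flagged:
            continue
        if image_name(ev["image"]) in BLOCKLISTED_NETWORK_IMAGES:
            hits.append({"pid": ev["pid"], "image": image_name(ev["image"]),
                         "dest": f'{ev["dest_host"]}:{ev["dest_port"]}'})
    return hits


if __name__ == "__main__":
    for f in unexpected_children(EVENTS):
        print("unexpected child:", f)
    for h in blocklisted_network_requests(EVENTS):
        print("blocklisted network request:", h)
```

The baseline is deliberately an allow-list per parent rather than a deny-list of children: document readers and spreadsheet applications have a very small legitimate set of children, so anything outside it is the signal, and the rule does not need to know the name of the next script host an attacker picks.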

MITRE ATT&CK Enterprise v15
