Overview

overview

10

Static

static

1

a8513e7007...18.doc

windows7-x64

10

a8513e7007...18.doc

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

General

  • Target

    a8513e7007e15467b1f5f02482f26c6f_JaffaCakes118

  • Size

    153KB

  • Sample

    240818-1hx97awcna

  • MD5

    a8513e7007e15467b1f5f02482f26c6f

  • SHA1

    b5f3a373732351cf48c9d1ba5560a79b0a32d548

  • SHA256

    9a8f07a1a0ac05e0a00f6ec23cfee0db3b2e5c2400b5c9564d770e6a3dd30fcd

  • SHA512

    8aa78e208fe5452d0bc961cc25063feea08274914ffc0e591b093f397fea2a876a540475020b17c557ca3efed601c420097d5a820d16d77725a17d3031d24b09

  • SSDEEP

    1536:oSGB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5p+a9lPKv9knJbGrH:oz22TWTogk079THcpOu5UZ/5UoOfqxE

Score
10/10
discovery

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://armahouse.com/wp-includes/0/
exe.dropper

http://bitbenderz.com/ali/4Lo/
exe.dropper

http://lagera.com/images/W/
exe.dropper

http://msmartyford.com/assets/OI/
exe.dropper

http://geisterhouse.com/cgi-bin/FE/
exe.dropper

https://konican.com/cgi-bin/nFK/
exe.dropper

https://coolcomputers.info/LLC/zD/

Targets

    • Target

      a8513e7007e15467b1f5f02482f26c6f_JaffaCakes118

    • Size

      153KB

    • MD5

      a8513e7007e15467b1f5f02482f26c6f

    • SHA1

      b5f3a373732351cf48c9d1ba5560a79b0a32d548

    • SHA256

      9a8f07a1a0ac05e0a00f6ec23cfee0db3b2e5c2400b5c9564d770e6a3dd30fcd

    • SHA512

      8aa78e208fe5452d0bc961cc25063feea08274914ffc0e591b093f397fea2a876a540475020b17c557ca3efed601c420097d5a820d16d77725a17d3031d24b09

    • SSDEEP

      1536:oSGB445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ5p+a9lPKv9knJbGrH:oz22TWTogk079THcpOu5UZ/5UoOfqxE

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks