General

  • Target

    adf9deee821ff21c72918b2509e68115_JaffaCakes118

  • Size

    158KB

  • Sample

    240820-fv871avdmg

  • MD5

    adf9deee821ff21c72918b2509e68115

  • SHA1

    7d41723224dca99fccafa852f16d292b90753a0c

  • SHA256

    6e613f281a3af3a8d773be9013d997281a8af57e592e2f7fbec463c15550304e

  • SHA512

    5335ce4c36596acf4ca5c57caff8a93f8a0f9caee26f80b3660954ad657e2ec3d1ef2a02c2526184195f63102b03524978062fa7bc9777844a2923e3eaab9c55

  • SSDEEP

    3072:MBHqu6dEaKR22TWTogk079THcpOu5UZivLa3PdpdOZ6i:MBKu9aKR/TX07hHcJQaadTOZ6i

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks