General

  • Target

    ae97431892a4e244f1ee5dc513ea1528_JaffaCakes118

  • Size

    187KB

  • Sample

    240820-kt49washne

  • MD5

    ae97431892a4e244f1ee5dc513ea1528

  • SHA1

    6656f517d4c8c517b0aec634f227e929072219d6

  • SHA256

    a2ba88f7671dcd2ff21e4527d40086f45df3c3bf24c6041e9aaf60af189f22fc

  • SHA512

    3759d21e4d9287eafeb449f57468db39449d36f790d9a51c891f7c3c1033433043b3dcb5318bd97b24adf1eacd2c210359d333bed5a5c677a6aa8016e511ff69

  • SSDEEP

    3072:dA9ov+mLIX7wzt0HHDnwjacRHvvvvZ18gEm1:Sat0TwDRv8gEm1

Score
10/10

Malware Config

Extracted

Language
ps1

Source
URLs

  • exe.dropper

    http://techiweek.com/wp-includes/FW6/

  • exe.dropper

    https://ravi-tools.com/js/1/

  • exe.dropper

    https://providedigital.com/wp-admin/Igvi3l/

  • exe.dropper

    https://nghiencauca.com/wp-includes/BOInu4E/

  • exe.dropper

    http://jietuo66.com/hwqsv/oC/

  • exe.dropper

    https://oklatu.com/wp-admin/i/

  • exe.dropper

    https://blog.thejobstack.com/pmloibg/M/

Targets

    • Target

      ae97431892a4e244f1ee5dc513ea1528_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
