General

  • Target

    ba90e11cd492ef1566983ff0de65d59b_JaffaCakes118

  • Size

    131KB

  • Sample

    240823-gd9mwazgkq

  • MD5

    ba90e11cd492ef1566983ff0de65d59b

  • SHA1

    974d72a1c015b0e27c4bd3c979159ac37d3093e6

  • SHA256

    f5a0506b51204da89b5f307f453fe5d55c4bb82b07fd69e84a58e43a6e6c1217

  • SHA512

    3dac0a26955cb229771219f8ccf4932b45eb8615e9e555c81cfc4d66f6db275fcdbeb651fa8bc3fc2fe87a9afa59ce1a2dddc12adece981dfdc31d24c9b3c718

  • SSDEEP

    1536:8KSDRD3bNqfNpu39IId5a6XP3Mg8afCqF+NmmGdJxnXv:sR1qf69xak3MgxCCUmmYrnXv

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://hopekonnect.com/cgi-bin/v3DD/
    http://cabinetaccuracy.com/wp-includes/n90DBu/
    http://ksulo.com/wp-admin/NvruA/
    https://travcalls.com/blogs/bslVh/
    https://raanivastra.com/wp-content/q/
    http://231brewingco.com/wp-includes/gwUy/
    http://mealeapalacegate.com/cgi-bin/G/
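The extracted config is a list of download locations the PowerShell dropper tries in turn, so the practical use of this section is turning those URLs into indicators and sweeping egress logs for them. The following is an added example, not code from the sandbox or the report: the URL list is copied from the Malware Config above, while the proxy log format and the log lines are constructed here for illustration.

```python
"""
Turn the report's extracted exe.dropper URLs into matchable IOCs and sweep
proxy logs for them. Added example, not code from the sandbox or the report;
the URL list is copied from the Malware Config section, the log format and
the log lines are constructed here for illustration.
"""
from urllib.parse import urlparse

# The seven exe.dropper URLs from the extracted PowerShell (ps1) config.
DROPPER_URLS = [
    "http://hopekonnect.com/cgi-bin/v3DD/",
    "http://cabinetaccuracy.com/wp-includes/n90DBu/",
    "http://ksulo.com/wp-admin/NvruA/",
    "https://travcalls.com/blogs/bslVh/",
    "https://raanivastra.com/wp-content/q/",
    "http://231brewingco.com/wp-includes/gwUy/",
    "http://mealeapalacegate.com/cgi-bin/G/",
]

# Constructed proxy log lines: "<ts> <client_ip> <method> <url> <status>".
# Not from the report: one exact dropper path, one same-host benign path, one unrelated.
SAMPLE_LOG = [
    "2024-08-23T10:01:12Z 10.0.5.23 GET http://ksulo.com/wp-admin/NvruA/ 200",
    "2024-08-23T10:01:13Z 10.0.5.23 GET https://travcalls.com/blogs/ 200",
    "2024-08-23T10:02:40Z 10.0.7.9 GET https://example.com/index.html 200",
]


def parse_iocs(urls):
    """Split each URL into host and path so the two can be matched separately."""
    iocs = []
    for u in urls:
        p = urlparse(u)
        iocs.append({"url": u, "scheme": p.scheme, "host": p.netloc.lower(), "path": p.path})
    return iocs


def defang(url):
    """Render a URL so it is not clickable or auto-linked when pasted into a ticket."""
    return url.replace("http://", "hxxp://").replace("https://", "hxxps://").replace(".", "[.]")


def sweep_proxy_log(lines, iocs):
    """
    Return one hit per log line whose host matches a dropper host.

    A hit is "strong" when the requested path also starts with the dropper's
    download path, and "weak" on host alone: the wp-includes/wp-admin/cgi-bin
    paths suggest compromised but otherwise legitimate sites, so a bare host
    match may just be a user browsing that site.
    """
    paths_by_host = {}
    for i in iocs:
        paths_by_host.setdefault(i["host"], []).append(i["path"])
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than guess
        ts, client, _method, url, _status = parts[:5]
        p = urlparse(url)
        host = p.netloc.lower()
        if host not in paths_by_host:
            continue
        strong = any(p.path.startswith(path) for path in paths_by_host[host])
        hits.append({"ts": ts, "client": client, "url": url,
                     "strength": "strong" if strong else "weak"})
    return hits


if __name__ == "__main__":
    for ioc in parse_iocs(DROPPER_URLS):
        print(defang(ioc["url"]))
    for hit in sweep_proxy_log(SAMPLE_LOG, parse_iocs(DROPPER_URLS)):
        print(hit["strength"], hit["client"], defang(hit["url"]))
```

Host-only matches are deliberately kept but downgraded rather than dropped: blocking the whole domain is usually the right containment step, but for triage the exact download path is what distinguishes a victim from someone who happened to visit a compromised blog.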

Targets

    • Target

      ba90e11cd492ef1566983ff0de65d59b_JaffaCakes118

    • Size

      131KB

    • MD5

      ba90e11cd492ef1566983ff0de65d59b

    • SHA1

      974d72a1c015b0e27c4bd3c979159ac37d3093e6

    • SHA256

      f5a0506b51204da89b5f307f453fe5d55c4bb82b07fd69e84a58e43a6e6c1217

    • SHA512

      3dac0a26955cb229771219f8ccf4932b45eb8615e9e555c81cfc4d66f6db275fcdbeb651fa8bc3fc2fe87a9afa59ce1a2dddc12adece981dfdc31d24c9b3c718

    • SSDEEP

      1536:8KSDRD3bNqfNpu39IId5a6XP3Mg8afCqF+NmmGdJxnXv:sR1qf69xak3MgxCCUmmYrnXv

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
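The three signatures above are behavioural: a parent/child pairing that should not occur, a process that should not be talking to the network doing so, and a write into System32. The following is an added example of how those checks look as detection logic over endpoint telemetry; it is not the sandbox's own detection code. The events are constructed in a Sysmon-like shape (Event ID 1 process create, 3 network connect, 11 file create) purely for illustration, the report does not show the underlying events, and the process lists are assumptions rather than the sandbox's actual blocklists.

```python
"""
Behavioural checks mirroring the three signatures the sandbox raised on this
sample: an unexpected child process, a blocklisted process making a network
request, and a file dropped into System32. Added example, not the sandbox's
own detection code. The event records are constructed in a Sysmon-like shape
(Event ID 1 process create, 3 network connect, 11 file create) purely for
illustration; the report itself does not show the underlying events, and the
process lists below are assumptions, not the sandbox's actual blocklists.
"""

# Document-handling parents that should not be launching shells or script hosts.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Children whose appearance under such a parent is the classic macro/exploit tell.
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumed "blocklisted" set: script hosts that rarely need outbound connections.
BLOCKLISTED_NET = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                   "regsvr32.exe", "rundll32.exe"}
# Assumed set of writers allowed to touch System32 without raising the signature.
TRUSTED_SYSTEM32_WRITERS = {"trustedinstaller.exe", "msiexec.exe", "tiworker.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed events: Word launches PowerShell, which connects out and drops a file.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": 'WINWORD.EXE /n "invoice.doc"'},
    {"id": 1, "pid": 4388, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -w hidden -enc (encoded script omitted)"},
    {"id": 3, "pid": 4388, "dest_ip": "203.0.113.10", "dest_port": 80},
    {"id": 11, "pid": 4388, "target": r"C:\Windows\System32\dropped.exe"},
    {"id": 1, "pid": 5012, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
    {"id": 3, "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "dest_ip": "203.0.113.53", "dest_port": 443},
    {"id": 11, "pid": 777, "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "target": r"C:\Windows\System32\drivers\example.sys"},
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def image_by_pid(events):
    """pid -> image name from process-create events, so later events can be attributed."""
    return {e["pid"]: basename(e["image"]) for e in events if e["id"] == 1}


def unexpected_children(events):
    """Signature 1: a document parent spawning a shell or script host."""
    out = []
    for e in events:
        if e["id"] != 1:
            continue
        parent, child = basename(e["parent_image"]), basename(e["image"])
        if parent in DOCUMENT_PARENTS and child in SUSPICIOUS_CHILDREN:
            out.append({"pid": e["pid"], "parent": parent, "child": child, "cmdline": e["cmdline"]})
    return out


def blocklisted_network(events):
    """Signature 2: a blocklisted process opening an outbound connection."""
    images = image_by_pid(events)
    out = []
    for e in events:
        if e["id"] != 3:
            continue
        img = images.get(e["pid"]) or basename(e.get("image", ""))
        if img in BLOCKLISTED_NET:
            out.append({"pid": e["pid"], "image": img, "dest": f'{e["dest_ip"]}:{e["dest_port"]}'})
    return out


def system32_drops(events):
    """Signature 3: a non-trusted process creating a file under System32."""
    images = image_by_pid(events)
    out = []
    for e in events:
        if e["id"] != 11:
            continue
        img = images.get(e["pid"]) or basename(e.get("image", ""))
        target = e["target"].replace("/", "\\").lower()
        if target.startswith(SYSTEM32) and img not in TRUSTED_SYSTEM32_WRITERS:
            out.append({"pid": e["pid"], "image": img, "target": e["target"]})
    return out


if __name__ == "__main__":
    print("unexpected children:", unexpected_children(SAMPLE_EVENTS))
    print("blocklisted network:", blocklisted_network(SAMPLE_EVENTS))
    print("system32 drops:", system32_drops(SAMPLE_EVENTS))
```

The network and file checks attribute events to an image via the process-create event for that pid rather than trusting an image field on the event itself, which is how the same logic would need to work on real telemetry where pid reuse and missing fields are normal; in production the pid-to-image map should also be keyed on process start time or a process GUID.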

MITRE ATT&CK Enterprise v15

Tasks