General

  • Target

    c12e2972b96cba50cd12cba1aae05b52_JaffaCakes118

  • Size

    166KB

  • Sample

    240825-vhfggsvale

  • MD5

    c12e2972b96cba50cd12cba1aae05b52

  • SHA1

    81987f54717c5e5307b9479106f7a6614a159496

  • SHA256

    d01c0581ba66c774c00a1cb25f37587e3fe65779511a052b3cad52a6cf4329b9

  • SHA512

    79b4ffd6ee1e6d62b0047ef1079a7af822035583fe4df472201b7f18b5b75499334348f51e47fe77f6c8f7908760b0b070a7a1cfe665df09b3727ba5e6f8b980

  • SSDEEP

    1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqOdotKdz/Rek6Ef3Ei9WEvOM:OR1qf69xak3MgxmgKl/R89i9WAOM

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper URLs

    http://odeftg.com/odeftg.com/S/
    http://hbprivileged.com/info/S/
    http://equipamentosmix.com/10/U/
    http://mianusman.com/cgi-bin/Fo/
    https://www.hairlineunisexsalon.com/demo/CyD/
    http://liulibug.com/wp-admin/8Aw/
    https://fcbc.group/wp-includes/O/

Targets

    • Target

      c12e2972b96cba50cd12cba1aae05b52_JaffaCakes118

    • Size

      166KB

    • MD5

      c12e2972b96cba50cd12cba1aae05b52

    • SHA1

      81987f54717c5e5307b9479106f7a6614a159496

    • SHA256

      d01c0581ba66c774c00a1cb25f37587e3fe65779511a052b3cad52a6cf4329b9

    • SHA512

      79b4ffd6ee1e6d62b0047ef1079a7af822035583fe4df472201b7f18b5b75499334348f51e47fe77f6c8f7908760b0b070a7a1cfe665df09b3727ba5e6f8b980

    • SSDEEP

      1536:pARD3bNqfNpu39IId5a6XP3Mg8afmqOdotKdz/Rek6Ef3Ei9WEvOM:OR1qf69xak3MgxmgKl/R89i9WAOM

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks