General

  • Target

    d174619fe48b1772781eebcc7eaf7370_JaffaCakes118

  • Size

    162KB

  • Sample

    240907-jyl4estcqm

  • MD5

    d174619fe48b1772781eebcc7eaf7370

  • SHA1

    aab75b5fa4fbeb3eca9bafd13a0c7d98f6ae7418

  • SHA256

    4c8ce870a9ee4d6f0f57a5f70788d9325d958acaf002abf30133606b8ac4d3e3

  • SHA512

    519a1dd689089a9decf399795d24c1e77a44eb1fe8db4c165620e4c448852eafac533e2034c6ab5a636286c5323f706b89220a9e92931ce6315a0b0a17d2be11

  • SSDEEP

    1536:Brdi1Ir77zOH98Wj2gpngR+a9aGPrPkNFLCA/Z:BrfrzOH98ipgeGPgN5B/Z

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source URLs (exe.dropper)

    http://hoagietesting10.com/wp-content/SJ/
    http://degepro.com/eTrac/s9/
    http://hbprivileged.com/info/rp/
    https://shoyannutrition.com/wp-includes/B4e/
    https://ictsmkn2cibar.org/cgi-bin/N/
    https://povedavicedo.com/wp-admin/d/
    http://mbsolutions.ge/wp-admin/eRY/

Targets

    • Target

      d174619fe48b1772781eebcc7eaf7370_JaffaCakes118

    • Size

      162KB

    • MD5

      d174619fe48b1772781eebcc7eaf7370

    • SHA1

      aab75b5fa4fbeb3eca9bafd13a0c7d98f6ae7418

    • SHA256

      4c8ce870a9ee4d6f0f57a5f70788d9325d958acaf002abf30133606b8ac4d3e3

    • SHA512

      519a1dd689089a9decf399795d24c1e77a44eb1fe8db4c165620e4c448852eafac533e2034c6ab5a636286c5323f706b89220a9e92931ce6315a0b0a17d2be11

    • SSDEEP

      1536:Brdi1Ir77zOH98Wj2gpngR+a9aGPrPkNFLCA/Z:BrfrzOH98ipgeGPgN5B/Z

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15