General

  • Target

    d4ee80716d0ba358fbdd31ffde915c3d_JaffaCakes118

  • Size

    218KB

  • Sample

    240908-wlyb5szamn

  • MD5

    d4ee80716d0ba358fbdd31ffde915c3d

  • SHA1

    5cbd3526a83922fc52cb3022c37bcaeeeace5c1c

  • SHA256

    9649d762e211330a8c7079e716cdf74c40d60d599f429716d4514975cdeb1d26

  • SHA512

    58c12e7f8076b360250fe8db610b818886085dd9faef38ed3c010f65a0c38a1a95a9cd1e6f7fa0452b21a35fe8c7d69037cac6ef936cc36d1491baf5c8d6d208

  • SSDEEP

    3072:vYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////S:x0uXnWFchmmcI/o1/D+pFw3f

Score
10/10

Malware Config

Extracted

Language: ps1
Source: exe.dropper
URLs:

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory
