General

  • Target

    d65159884a302c122a6a6ce7a79b4707_JaffaCakes118

  • Size

    195KB

  • Sample

    240909-pqgrmazfnh

  • MD5

    d65159884a302c122a6a6ce7a79b4707

  • SHA1

    065345bf6fa9b4e011d36b23c936920daf0123c7

  • SHA256

    926ffcd5c140ef8034bb02d721f27d8fca0608d456ab432803be89c0282501e7

  • SHA512

    7c260009152bea9541caaaaf7c5b0bb90157980bb24caa7595f2896cdecc9750c20cc5c9f7e085f1e6bd42f19aef6319181ac8765f5e23ef5dd7652c0e001652

  • SSDEEP

    3072:922TWTogk079THcpOu5UZGQGSL+sAGNTAp:9/TX07hHcJQfKCN8p

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks