General

  • Target: d6a999c6a3b036106a44a2d4679d1249_JaffaCakes118
  • Size: 148KB
  • Sample: 240909-tkkzbazane
  • MD5: d6a999c6a3b036106a44a2d4679d1249
  • SHA1: a021c85643ea31a63e76f406abc13b49c4204a01
  • SHA256: 071e566fdd288ea18840e688b3e0fda6eba45adbe3fa06cb2b00243990d04c48
  • SHA512: 708061fb73daacd2b3e7187c40137725f775cc0e74111338d0a7abfd7fcb6e4a6cbbf8bf4dec69df9fd7299e66bfea841fed70c8059cd00584de4230a9f15a75
  • SSDEEP: 3072:dLAzJ85LuMoeffRcescowUYrktrKWj7Gq7:48B2r1HYkEWjj7

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs
Targets

    • Target: d6a999c6a3b036106a44a2d4679d1249_JaffaCakes118

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15