General

  • Target

    da20db56fc53ab6649598f8ffc665914_JaffaCakes118

  • Size

    171KB

  • Sample

    240911-ma2ezswakf

  • MD5

    da20db56fc53ab6649598f8ffc665914

  • SHA1

    9dc86870a468b5580a2ba886eee8719a3f579b6b

  • SHA256

    79210531cbe46467f07f4fd6f95a4190c242dc8640f4b7172717aa845e616b63

  • SHA512

    24b0a0fbfc5b7c48c85981760e818c9e97f7193571baba2df2aa871f9141051e9536bcf4088d621b77951ae400dbb3e1dd7c319a8ebbba7a62a1e54fe8ac868f

  • SSDEEP

    3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7tcZaBj:Hs9ufsfgIf0pLJcZKj

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source / URLs

    exe.dropper    http://coffeecons.com/joomla30/LU7/
    exe.dropper    http://www.noramua.com/wp-content/Eb/
    exe.dropper    http://chakteholistico.com/wp-includes/7c/
    exe.dropper    https://zeitraisen.com/wordpress/GoG/
    exe.dropper    http://gosmart-online.com/wp-includes/9/
    exe.dropper    https://www.campuscamarafp.com/wp-admin/uEx/
    exe.dropper    http://eastafricarefugeerelief.com/aopaf/public/GiFSUetbCLK/C/
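The seven exe.dropper URLs above are the most directly actionable part of this report. Because they sit under ordinary CMS directories (wp-content, wp-includes, wp-admin, joomla30), blocking or alerting on the whole host would also hit whatever legitimate content those sites serve, so a hunt should match on host plus path prefix and report host-only contact separately for triage. The script below is an added example, not part of the sandbox report: it normalises the extracted URLs (scheme and a leading www. ignored) and scans proxy log lines for them. The squid-style log lines are constructed for illustration; only the URL list is taken from the report.

```python
"""Match proxy log entries against the exe.dropper URLs from the extracted config.

Added example (not part of the sandbox report). SAMPLE_LOG is constructed;
DROPPER_URLS is copied from the report's extracted ps1 config.
"""
from urllib.parse import urlsplit

# URLs exactly as listed in the report (exe.dropper)
DROPPER_URLS = [
    "http://coffeecons.com/joomla30/LU7/",
    "http://www.noramua.com/wp-content/Eb/",
    "http://chakteholistico.com/wp-includes/7c/",
    "https://zeitraisen.com/wordpress/GoG/",
    "http://gosmart-online.com/wp-includes/9/",
    "https://www.campuscamarafp.com/wp-admin/uEx/",
    "http://eastafricarefugeerelief.com/aopaf/public/GiFSUetbCLK/C/",
]


def normalize(url):
    """Return (host, path) with scheme and port dropped and a leading 'www.' stripped.

    Scheme is ignored because the same path may be fetched over http or https;
    'www.' is stripped so either host form matches.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    path = parts.path or "/"
    return host, path


INDICATORS = [normalize(u) for u in DROPPER_URLS]


def classify(url):
    """'url' for a host + path-prefix match, 'host' for a host-only hit, None otherwise."""
    host, path = normalize(url)
    for ioc_host, ioc_path in INDICATORS:
        if host == ioc_host:
            return "url" if path.startswith(ioc_path) else "host"
    return None


def scan_proxy_log(lines):
    """Return (client_ip, url, match_kind) for every line that touches an indicator.

    Assumes a squid native access log: epoch elapsed client result bytes method url ...
    Malformed lines are skipped rather than raising.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client, url = fields[2], fields[6]
        kind = classify(url)
        if kind:
            hits.append((client, url, kind))
    return hits


# Constructed sample log: one full-URL hit, one host-only hit, one benign line
SAMPLE_LOG = [
    "1726050000.123 412 10.1.2.3 TCP_MISS/200 171000 GET https://zeitraisen.com/wordpress/GoG/ - HIER_DIRECT/203.0.113.5 application/octet-stream",
    "1726050001.456 31 10.1.2.4 TCP_MISS/200 5120 GET http://noramua.com/index.php - HIER_DIRECT/203.0.113.6 text/html",
    "1726050002.789 20 10.1.2.5 TCP_MISS/200 2048 GET https://example.org/ - HIER_DIRECT/203.0.113.7 text/html",
]

if __name__ == "__main__":
    for client, url, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"{kind:4} {client} {url}")
```

A "url" hit is a direct indicator of the dropper being executed; a "host" hit only means the site was visited and needs a look at the full path before it is escalated.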

Targets

    • Target

      da20db56fc53ab6649598f8ffc665914_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
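The three behaviours flagged above are what an endpoint detection would also key on: a document handler spawning a script host, that script host opening an outbound connection, and a non-servicing process writing into System32. The block below is an added example and is not the sandbox's own rule logic. It re-implements the three signatures over constructed, Sysmon-style event records (event 1 process create, 3 network connect, 11 file create); the field names, the process allow/deny lists and the sample events are assumptions chosen for illustration, and the report does not state which application opened this sample.

```python
"""Three behavioural signatures from the report, re-implemented over endpoint telemetry.

Added example, not the sandbox's rules. Event dicts mimic Sysmon fields
(EventID 1/3/11); lists and sample events are constructed assumptions.
"""
import ntpath

# Parents that should not launch a script host (assumption: document handlers)
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Children that count as an "unexpected child process" under such a parent
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Processes that should not initiate outbound connections from a workstation (assumption)
BLOCKLISTED_NET = {"powershell.exe", "pwsh.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# Writers legitimately expected to populate System32 (assumption: servicing components)
SYSTEM32_WRITERS = {"tiworker.exe", "trustedinstaller.exe", "msiexec.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path):
    """Lower-cased file name of a Windows path; ntpath works on any host OS."""
    return ntpath.basename(path or "").lower()


def detect(events):
    """Return (signature, pid, detail) for every event that matches one of the three rules."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            parent, child = basename(ev.get("ParentImage")), basename(ev.get("Image"))
            if parent in DOCUMENT_PARENTS and child in SUSPICIOUS_CHILDREN:
                alerts.append(("Process spawned unexpected child process",
                               ev["ProcessId"], f"{parent} -> {child}"))
        elif eid == 3:
            image = basename(ev.get("Image"))
            if image in BLOCKLISTED_NET and ev.get("Initiated", True):
                alerts.append(("Blocklisted process makes network request", ev["ProcessId"],
                               f"{image} -> {ev.get('DestinationIp')}:{ev.get('DestinationPort')}"))
        elif eid == 11:
            target = (ev.get("TargetFilename") or "").lower()
            image = basename(ev.get("Image"))
            if target.startswith(SYSTEM32) and image not in SYSTEM32_WRITERS:
                alerts.append(("Drops file in System32 directory",
                               ev["ProcessId"], f"{image} wrote {target}"))
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample: one PowerShell process (pid 4120) tripping all three rules,
# plus two benign events that must not alert
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": PS,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventID": 3, "ProcessId": 4120, "Image": PS, "Initiated": True,
     "DestinationIp": "203.0.113.5", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 4120, "Image": PS,
     "TargetFilename": r"C:\Windows\System32\dropped.exe"},
    {"EventID": 1, "ProcessId": 5004, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
]

if __name__ == "__main__":
    for sig, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[{sig}] pid={pid} {detail}")
```

Correlating the three alerts on the same ProcessId is what turns three medium-confidence signals into the high-confidence verdict this report assigns; each rule on its own has benign true positives (admin scripts, servicing writes), which is why the allow lists exist and should be tuned per environment.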

MITRE ATT&CK Enterprise v15

Tasks