General

  • Target

    dac8b9205c259accbbe89544c72c1e29_JaffaCakes118

  • Size

    154KB

  • Sample

    240911-t8a41s1dll

  • MD5

    dac8b9205c259accbbe89544c72c1e29

  • SHA1

    9a462bdd1a6a0bb41562f55b8b325ae48eeb2fb4

  • SHA256

    02bda32f554b15fe24cf07bdda78b9962698bbf3abc72889f5191af722807ab1

  • SHA512

    1ec9a7ab41655ea00e54051291a57cd8bbe6c8ebf2d0f5bede6c31811a256317b4e4effd342c829735924efd537e5b4d473a8c27b86e9ebf6d02e4224ba8dc75

  • SSDEEP

    1536:gURA+F6URA+Fhrdi1Ir77zOH98Wj2gpngd+a9/xQIY0y+Wb9w:frfrzOH98ipgHxDH7A9w

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source          URLs

    exe.dropper     http://qstride.com/img/1W/
    exe.dropper     http://syracusecoffee.com/customer/i/
    exe.dropper     http://shahrakyar.com/cms/3e/
    exe.dropper     http://vuatritue.com/wp-admin/FkX/
    exe.dropper     http://glafka.com/wp-content/2L7/
    exe.dropper     http://rovrooftiles.com/wp-includes/nDP/
    exe.dropper     http://paulospainting.com/wp-includes/7k/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks