General

  • Target

    de5387adf4dcb4c74ba17a611d0df16e_JaffaCakes118

  • Size

    172KB

  • Sample

    240913-p99lrascrg

  • MD5

    de5387adf4dcb4c74ba17a611d0df16e

  • SHA1

    d472e27b94404e1a08bd7d0638079af6b76afca6

  • SHA256

    f9f9ecbdf948c6a6d7d656de5eda7d9e24f4bb2b648847bfd1156429a6241c6e

  • SHA512

    cdff49074b204d15518080022a79f6963f397b1234a607247d2967ef7cd83b86892c4c463af890dbd3368a3977f56b5d755064a204017a099ffecafb268b3162

  • SSDEEP

    3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7ZcZaBB:Hs9ufsfgIf0pLVcZKB

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://coffeecons.com/joomla30/LU7/

    http://www.noramua.com/wp-content/Eb/

    http://chakteholistico.com/wp-includes/7c/

    https://zeitraisen.com/wordpress/GoG/

    http://gosmart-online.com/wp-includes/9/

    https://www.campuscamarafp.com/wp-admin/uEx/

    http://eastafricarefugeerelief.com/aopaf/public/GiFSUetbCLK/C/

Targets

    • Target

      de5387adf4dcb4c74ba17a611d0df16e_JaffaCakes118

    • Size

      172KB

    • MD5

      de5387adf4dcb4c74ba17a611d0df16e

    • SHA1

      d472e27b94404e1a08bd7d0638079af6b76afca6

    • SHA256

      f9f9ecbdf948c6a6d7d656de5eda7d9e24f4bb2b648847bfd1156429a6241c6e

    • SHA512

      cdff49074b204d15518080022a79f6963f397b1234a607247d2967ef7cd83b86892c4c463af890dbd3368a3977f56b5d755064a204017a099ffecafb268b3162

    • SSDEEP

      3072:Hs9ufstRUUKSns8T00JSHUgteMJ8qMD7g7ZcZaBB:Hs9ufsfgIf0pLVcZKB

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks