General

  • Target

    df60180b63a6fc2e96f715f5b1544a57_JaffaCakes118

  • Size

    159KB

  • Sample

    240914-dlalzatekj

  • MD5

    df60180b63a6fc2e96f715f5b1544a57

  • SHA1

    862421a7d9cffa96a28992b3a330478b8e0fb9b0

  • SHA256

    a977df922c14467cec02915c17c287e36ce57d3556a944d637211ad9e2453761

  • SHA512

    e17d8cb3ff1157df0f39046d50dcf34d8a3a43a3b6efc545aa4dbf352a05fb8adc28ab6469062fff4f4b46dc1f560fc304748193716058538d41f3bf056fec55

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9ZLln2/5Qa:9rfrzOH98ipglL05Qa

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://wynn838.com/wp-content/enE/
    https://sertres.com/ivmej/p/
    https://viaje-achina.com/wp-admin/aG/
    https://aszcasino.com/aszdemo/AGA/
    https://bintangremaja.com/wp-content/U/
    https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/
    http://hk.olivellaline.com/gbi1e/2/

Targets

    • Target

      df60180b63a6fc2e96f715f5b1544a57_JaffaCakes118

    • Size

      159KB

    • MD5

      df60180b63a6fc2e96f715f5b1544a57

    • SHA1

      862421a7d9cffa96a28992b3a330478b8e0fb9b0

    • SHA256

      a977df922c14467cec02915c17c287e36ce57d3556a944d637211ad9e2453761

    • SHA512

      e17d8cb3ff1157df0f39046d50dcf34d8a3a43a3b6efc545aa4dbf352a05fb8adc28ab6469062fff4f4b46dc1f560fc304748193716058538d41f3bf056fec55

    • SSDEEP

      1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9ZLln2/5Qa:9rfrzOH98ipglL05Qa

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15