General

  • Target

    e222f7c5d4f17f4222323441f4ca1f63_JaffaCakes118

  • Size

    138KB

  • Sample

    240915-kzwjxswamf

  • MD5

    e222f7c5d4f17f4222323441f4ca1f63

  • SHA1

    9be04e3a57a50e71d72ca650fcac4438c3913fea

  • SHA256

    13b98d2f0d07581934fcff17efd69c9924d5cc1d0bb874c28eaaeb497cba7bb4

  • SHA512

    cc6dc0e635db62499261099ec38bf1cb3db93a27c92f3252da3f26b8afa35f514eac0a67e592709021bead46da7d4d3e1fe67cb42d027ec84e856e0606a089d8

  • SSDEEP

    1536:mxRD3bNqfNpu39IId5a6XP3Mg8afyqcTqc380Y:ER1qf69xak3Mgxy7qI80Y

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    • Target

      e222f7c5d4f17f4222323441f4ca1f63_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
