General

  • Target: ea7b84abe003393bff281a0d9dd76b3d_JaffaCakes118
  • Size: 172KB
  • Sample: 240919-dsbgvayckp
  • MD5: ea7b84abe003393bff281a0d9dd76b3d
  • SHA1: 232141f85d1c0f789c3c7f6e8f0b576024654a05
  • SHA256: 1fa874c848453f913da841c6c80dea2eadb7cceb410a5783c7db5c1b846f5de0
  • SHA512: 61df117518d67665c545397fa6e55ad97897bc49855318ec0e94d3cf5f0057b32aa33fa1ab05434ec73dcb2a5854356b55ba7a497d53f2c8b7c5b23f9862db1c
  • SSDEEP: 3072:w4PrXcuQuvpzm4bkiaMQgAlSe5bMSS0BofwDhd/Zd:NDRv1m4bnQgISMbA0ofwDhdZd

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (exe.dropper):
    • http://muliarental.com/wp-includes/uwr_u4_ed3qzbb/
    • http://ltrybus.com/cgi-bin/mff_xao9d_5ld5qajfmx/
    • http://my6thgen.org/_db_backups/t_e_v7qizcr2/
    • http://mywebnerd.com/bluesforsale/zi6_v4g0_rmyg/
    • http://www.naayers.org/Library/o_eo_97ml/

Targets

    • Target: ea7b84abe003393bff281a0d9dd76b3d_JaffaCakes118 (172KB; hashes as listed under General above)
    • Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15