General

  • Target

    ea9092b6e4cbe65efcd43e61e4e6f2ec_JaffaCakes118

  • Size

    156KB

  • Sample

    240919-et27ma1blm

  • MD5

    ea9092b6e4cbe65efcd43e61e4e6f2ec

  • SHA1

    63192956e4b46cd5aea64989a5b33a72e335c647

  • SHA256

    9bba50ec436c59632c66dca1c1f80ad51d564637267c596eeee2e9ef10b82e4b

  • SHA512

    9a24a75ced01508e8f202d297e4705b23e5004900d9c57fce6ea908164ce552c44555daf263cf27c90f2ee422e8f26904f3ec54b9eda28ab1f991684c7d49369

  • SSDEEP

    1536:R6+PU6+Ptrdi1Ir77zOH98Wj2gpngR+a9Cs+kO5qZi1:srfrzOH98ipgJ3O5qZi1

Score
10/10

Malware Config

Extracted

  Language   ps1
  Source     URLs

  exe.dropper   https://gvoprint.com/wp-admin/FurWrq/
  exe.dropper   https://www.amcouture.ro/wp-admin/K28Yjp6C1/
  exe.dropper   https://smartrent.com.co/wp-content/uploads/s0nOjuEszW/
  exe.dropper   https://lucysite.xyz/ulehp/xFpyrYT9mD/
  exe.dropper   http://aminramin.com/wp-content/MD/
  exe.dropper   http://jituogroup.com/wp-content/uploads/3/
  exe.dropper   https://ngothuyspa.com/wp-includes/8fSO/
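The extracted config is only useful once the seven dropper URLs are turned into indicators that can be shared and hunted for. The script below is an added example, not sandbox output: it defangs each URL for reporting, lists the distinct hosts for block lists, and matches proxy log lines against the configured host plus path prefix (so a request for the dropper directory or anything beneath it is a hit, while an unrelated request to the same compromised WordPress site is not). The proxy log lines and their field layout are constructed for illustration.

```python
"""Indicators from the extracted dropper config.

Added example for this report, not sandbox output. DROPPER_URLS is the list
extracted from the sample's PowerShell above; PROXY_LOG is constructed.
"""
from urllib.parse import urlsplit

DROPPER_URLS = [
    "https://gvoprint.com/wp-admin/FurWrq/",
    "https://www.amcouture.ro/wp-admin/K28Yjp6C1/",
    "https://smartrent.com.co/wp-content/uploads/s0nOjuEszW/",
    "https://lucysite.xyz/ulehp/xFpyrYT9mD/",
    "http://aminramin.com/wp-content/MD/",
    "http://jituogroup.com/wp-content/uploads/3/",
    "https://ngothuyspa.com/wp-includes/8fSO/",
]

# Constructed proxy log lines: "<epoch> <client> <method> <url> <status> <bytes>".
PROXY_LOG = """\
1726727011.101 10.0.0.21 GET https://gvoprint.com/wp-admin/FurWrq/ 200 158
1726727011.412 10.0.0.21 GET https://example.org/ 200 1256
1726727012.907 10.0.0.21 GET http://jituogroup.com/wp-content/uploads/3/ 200 4102
1726727013.220 10.0.0.33 GET https://gvoprint.com/wp-admin/ 403 512
""".splitlines()


def defang(url: str) -> str:
    """Render a URL so mail clients and wikis will not auto-link it."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp", 1)
    host = p.netloc.replace(".", "[.]")
    return f"{scheme}://{host}{p.path}"


def dropper_hosts(urls=DROPPER_URLS):
    """Distinct hostnames, for DNS/proxy block lists and retro-hunts."""
    return sorted({urlsplit(u).hostname for u in urls})


def match_proxy_log(lines, urls=DROPPER_URLS):
    """Return (log line, config URL) for requests at or below a dropper path.

    Matching on host plus path prefix catches the directory itself and any
    file fetched from under it, while ignoring unrelated requests to the
    same (compromised but otherwise legitimate) site.
    """
    index = [(urlsplit(u).hostname, urlsplit(u).path, u) for u in urls]
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        req = urlsplit(fields[3])
        for host, path, cfg_url in index:
            if req.hostname == host and req.path.startswith(path):
                hits.append((line, cfg_url))
                break
    return hits


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    print("hosts:", ", ".join(dropper_hosts()))
    for line, cfg in match_proxy_log(PROXY_LOG):
        print("HIT", cfg, "<-", line)
```

Blocking whole hosts is the blunt option; all seven are ordinary sites with a planted directory, so for a retro-hunt the host-plus-path match above gives far fewer false positives than a host-only match, and the 403 to `/wp-admin/` in the constructed log is deliberately left unmatched to show that.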

Targets

    • Target

      ea9092b6e4cbe65efcd43e61e4e6f2ec_JaffaCakes118

    • Size

      156KB

    • MD5

      ea9092b6e4cbe65efcd43e61e4e6f2ec

    • SHA1

      63192956e4b46cd5aea64989a5b33a72e335c647

    • SHA256

      9bba50ec436c59632c66dca1c1f80ad51d564637267c596eeee2e9ef10b82e4b

    • SHA512

      9a24a75ced01508e8f202d297e4705b23e5004900d9c57fce6ea908164ce552c44555daf263cf27c90f2ee422e8f26904f3ec54b9eda28ab1f991684c7d49369

    • SSDEEP

      1536:R6+PU6+Ptrdi1Ir77zOH98Wj2gpngR+a9Cs+kO5qZi1:srfrzOH98ipgJ3O5qZi1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
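The three signatures above are behavioural, so they can be reproduced outside the sandbox from endpoint telemetry. The script below is an added example, not the sandbox's own rules: it re-implements them over Sysmon-style process-creation, network-connection and file-creation events, and additionally ties a network request back to the Office-spawned child so the second finding carries process-chain context. The event records, the parent/child process sets and the network blocklist are all assumptions constructed for illustration; the process paths and the dropped file name are placeholders, not artifacts recovered from this sample.

```python
"""The report's three behavioural signatures, re-implemented over
Sysmon-style events.

Added example for this report, not the sandbox's own rules. EVENTS and the
process sets below are constructed; file and process names are placeholders.
"""
import ntpath

# Document-handling parents that should never launch script hosts (assumed).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children whose launch from Office usually means a macro or exploit ran (assumed).
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumed blocklist of binaries that have no business making outbound connections.
NET_BLOCKLIST = {"powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                 "certutil.exe", "bitsadmin.exe", "wscript.exe", "cscript.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

EVENTS = [  # constructed telemetry, in time order
    {"event": "process_create", "pid": 4120, "ppid": 3988,
     "image": WORD, "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "process_create", "pid": 5212, "ppid": 4120,
     "image": PS, "parent_image": WORD},
    {"event": "network_connect", "pid": 5212, "image": PS,
     "dest": "gvoprint.com:443"},
    {"event": "network_connect", "pid": 2200,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest": "example.org:443"},
    {"event": "file_create", "pid": 5212, "image": PS,
     "target": r"C:\Windows\System32\placeholder.exe"},
    {"event": "file_create", "pid": 5212, "image": PS,
     "target": r"C:\Users\user\AppData\Local\Temp\placeholder.tmp"},
]


def _name(path):
    """Lower-cased file name of a Windows path, portable across host OSes."""
    return ntpath.basename(path).lower()


def analyze(events):
    """Return (signature, detail) pairs in event order."""
    findings = []
    suspicious_pids = set()  # children spawned by an Office parent
    for e in events:
        kind = e["event"]
        if kind == "process_create":
            parent, child = _name(e["parent_image"]), _name(e["image"])
            if parent in OFFICE_PARENTS and child in SCRIPT_CHILDREN:
                suspicious_pids.add(e["pid"])
                findings.append(("unexpected_child_process",
                                 f"{parent} (pid {e['ppid']}) -> {child} (pid {e['pid']})"))
        elif kind == "network_connect":
            image = _name(e["image"])
            if image in NET_BLOCKLIST:
                tag = " [child of Office process]" if e["pid"] in suspicious_pids else ""
                findings.append(("blocklisted_process_network",
                                 f"{image} -> {e['dest']}{tag}"))
        elif kind == "file_create":
            if e["target"].lower().startswith(SYSTEM32):
                findings.append(("drops_file_in_system32",
                                 f"{_name(e['image'])} wrote {e['target']}"))
    return findings


def triggered(events):
    """Set of signature names that fired, for comparison with the report."""
    return {sig for sig, _ in analyze(events)}


if __name__ == "__main__":
    for sig, detail in analyze(EVENTS):
        print(f"{sig}: {detail}")
```

Of the three, only the first is a strong signal on its own; a System32 write or an outbound connection from a scripting host is routine for installers and admin tooling, which is why the example carries the Office-spawned pid forward and annotates the network finding with it. In production the same chaining should gate the System32 check too.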

MITRE ATT&CK Enterprise v15