Overview

overview

10

Static

static

8

eab6f7a151...18.doc

windows7-x64

10

eab6f7a151...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eab6f7a1517e79d2a72e2cc31bb1a893_JaffaCakes118

  • Size

    199KB

  • Sample

    240919-gpranstfnb

  • MD5

    eab6f7a1517e79d2a72e2cc31bb1a893

  • SHA1

    787613d2d830a0ad8c526aca34a3edb904af75e3

  • SHA256

    4c6bf53f5192cfaae6652533f1980fc4c40016b9abd84823ebd3165a3d8bd024

  • SHA512

    f0a683e6020e82faf1e8e98e10d32e428eed54af0aa37eebcaa4264005266fd28e4433a4a55942052beca4ffa08423f9527ca68714f995c39610183b253aab17

  • SSDEEP

    3072:9WKWj22TWTogk079THcpOu5UZM5EcbWD+kzD:y/TX07hHcJQaEcKDXzD

Score
10/10
discoverymacro

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://haymetetrading.com/wp-includes/yGELKj4/
exe.dropper

http://simofferbd24.com/wp-includes/fsiQc/
exe.dropper

http://401kplansinfo.com/cgi-bin/KtFRk/
exe.dropper

http://fidelityguide.com/cgi-bin/VA/
exe.dropper

https://sirnakmidyeci.com/wp-includes/qk9wW2/
exe.dropper

https://subitocarne.com/wp-content/ByeOAt9/
exe.dropper

https://eliesalibaarchitect.com/wordpress/T/

Targets

    • Target

      eab6f7a1517e79d2a72e2cc31bb1a893_JaffaCakes118

    • Size

      199KB

    • MD5

      eab6f7a1517e79d2a72e2cc31bb1a893

    • SHA1

      787613d2d830a0ad8c526aca34a3edb904af75e3

    • SHA256

      4c6bf53f5192cfaae6652533f1980fc4c40016b9abd84823ebd3165a3d8bd024

    • SHA512

      f0a683e6020e82faf1e8e98e10d32e428eed54af0aa37eebcaa4264005266fd28e4433a4a55942052beca4ffa08423f9527ca68714f995c39610183b253aab17

    • SSDEEP

      3072:9WKWj22TWTogk079THcpOu5UZM5EcbWD+kzD:y/TX07hHcJQaEcKDXzD

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks