General

  • Target

    eac3e0b94509698289bda8b3c99eee88_JaffaCakes118

  • Size

    155KB

  • Sample

    240919-hanfxavfje

  • MD5

    eac3e0b94509698289bda8b3c99eee88

  • SHA1

    5f6f31c9736f201b0ddbb36a6c079e6b8e2516a6

  • SHA256

    807391e7d966a61e58ac7b3362dc046433dea4bf6ce1b4be4f6e401816cb4d30

  • SHA512

    02119d24f0b89a1352851c8362eb4a3f267d24482eb833f22abf26d722b6d54f379c4ec6b59e980469100bffd72db031bde3e930ad93106b9837f3b89d2651d7

  • SSDEEP

    1536:gURA+F6URA+Fhrdi1Ir77zOH98Wj2gpngd+a91xQIY0y+WbZw:frfrzOH98ipgtxDH7AZw

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks