General

  • Target

    eb7eac4bc393d5b1c406c52ba0dda1eb_JaffaCakes118

  • Size

    170KB

  • Sample

    240919-rflnyashlq

  • MD5

    eb7eac4bc393d5b1c406c52ba0dda1eb

  • SHA1

    ca4f54ce2136b9ac15c80ec18a10362e6f069795

  • SHA256

    b8c7830a4a2390d6b31f40d0dd0958d1ee0844ac3dc20484bd00a9bc6ca87be7

  • SHA512

    fd3862de3a28e652b6ac5e591a56755c12e04953ca8578d365a4c709abc8f979a9eeb6c4a79fdb2a704a0c74069961650b3b7997736cbbaacbb6bc4f49f2999e

  • SSDEEP

    3072:R9ufstRUUKSns8T00JSHUgteMJ8qMD7gZYFESXiNBaZxPIp:R9ufsfgIf0pLWFESXiNIZxQp

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Target

      eb7eac4bc393d5b1c406c52ba0dda1eb_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks