General

  • Target

    eea6bab29a2c5672788810b8153e65ae_JaffaCakes118

  • Size

    228KB

  • Sample

    240920-3kv9qavcpm

  • MD5

    eea6bab29a2c5672788810b8153e65ae

  • SHA1

    9eb6e475fc9f509488d0270e087824ef18ab74dd

  • SHA256

    58b4019b5b5bee18e910424744e4b98793ed962b3642a15f00f9d16f6d2d8e23

  • SHA512

    50ee14b08f4c1fed93f1464d84b802963c6ef6f4b623360ec839981bb3167895c612f4b33dbe86259e043aa88d5f6fbe76020eaa256de3eda970969a2763bc2e

  • SSDEEP

    3072:Sj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkeMeGYGdSyRwn0dRs:SHgtEWPsL/aTyT9Gke1GYGzRwncRs

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs
exe.dropper

Targets


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks