General

  • Target: eeae7980dd787e0cc804bebef92ed930_JaffaCakes118
  • Size: 174KB
  • Sample: 240920-3xms4svfnd
  • MD5: eeae7980dd787e0cc804bebef92ed930
  • SHA1: 9d5b11349e1f297468bdc9cf62620e3888673fdd
  • SHA256: af0e40cc260afaf98685419c7a7e2a7bb5071876da22daeafb069c208b8a9ff1
  • SHA512: d7502f4da62345c51d99906921c5b9a8d18faa406c4e43dfa93b9de3dac85dd9b16593ff3d72a777e4509e05b45f8aaf73f6b8c0d37ddb61b8c5037b341964b0
  • SSDEEP: 1536:trdi1Ir77zOH98Wj2gpngx+a9xGmLtHuJ:trfrzOH98ipgJFuJ

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
