General

  • Target: ec7ce68b3b5388406d00a43e40573954_JaffaCakes118

  • Size: 159KB

  • Sample: 240920-avg6mazcpl

  • MD5: ec7ce68b3b5388406d00a43e40573954

  • SHA1: 7cdcd42adba19bc67e36e376358892208196547d

  • SHA256: f198ab670a8b0340f9f9564522fcd3ec55bf271c8497766810c9ddfde0105648

  • SHA512: 329e5dfb3ac983f81b4c13f14359a9b01ef02cca154ee4f6fd0cf294f70ae6b165e627debf04b88c94411c94cd6d56e8b546e94b0efaa80592595ce191e7bf4f

  • SSDEEP: 1536:ERWfcRWfsrdi1Ir77zOH98Wj2gpngd+a996Fgx+fep:ErfrzOH98ipgF6FO+2p

Score
10/10

Malware Config

Extracted

Language: ps1

Source: exe.dropper URLs

Targets

    • Target: ec7ce68b3b5388406d00a43e40573954_JaffaCakes118
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15