General

  • Target

    ecb52f58061f00bfe1e13664c51bc314_JaffaCakes118

  • Size

    168KB

  • Sample

    240920-de62lawaqk

  • MD5

    ecb52f58061f00bfe1e13664c51bc314

  • SHA1

    82164dc9d8a1f6782206a98d81c916dd4da4f548

  • SHA256

    757b2c11169922c74fbd273543e035183f05bc07278aac3338357662c972336f

  • SHA512

    c24e9cabc89c83eda2e100f9cb1ea76825223d7103fc52b2e224f0cf9b52e8b28c7bb3985ce9355504b81cd8811e5a0fbb16ee475a7a39003c5af2210e2a11a6

  • SSDEEP

    3072:N4PrXcuQuvpzm4bkiaMQgAlSpu+vVTC5wn5RQ:6DRv1m4bnQgISphvVTqwn5RQ

Score
10/10

Malware Config

  • Extracted

    Language
      ps1

    Deobfuscated URLs (exe.dropper)
      http://manandvanwaterlooville.co.uk/wp-admin/prX892/
      https://uniral.com/captchasignup/4J579681/
      https://scyzm.net/lkx7/lqoH8S/
      https://amagna.nl/DZ9MzAobu3/37Z/
      https://nilinkeji.com/online/90fb31/

Targets

    • Target

      ecb52f58061f00bfe1e13664c51bc314_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15