e484e9b8614dff68bd63e103a395b4e03576c2f72fdcba1ff45344012e0f51b6 | Triage

Submit
Reports

Overview

overview

Static

static

8

ecd96bcfbf...18.doc

windows7-x64

ecd96bcfbf...18.doc

windows10-2004-x64

Sharing

General

Target

ecd96bcfbfd4cf575a8720d72957a998_JaffaCakes118
Size

240KB
Sample

240920-e69ggayhrp
MD5

ecd96bcfbfd4cf575a8720d72957a998
SHA1

0cbbf0fa4dff29209e586e9af524668b94ba6f1e
SHA256

e484e9b8614dff68bd63e103a395b4e03576c2f72fdcba1ff45344012e0f51b6
SHA512

ba9379f229a86f3cd69a3e96d43028e7d8589f3071a2d776b2aed284fa7ac5b6b089502833bd0d3d6429882253f53ec4c32c9cf0f6c5cf3ccf7f25f03af6419f
SSDEEP

3072:0j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkRReZjBu7DgqwXE:0HgtEWPsL/aTyT9GkRRep1qw0

Score

10^/10

discovery macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ecd96bcfbfd4cf575a8720d72957a998_JaffaCakes118.doc

Resource

win7-20240903-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ecd96bcfbfd4cf575a8720d72957a998_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://ukasian.com/wp-admin/Znk3yozl/

exe.dropper

http://techwala.net/wp-admin/tKX319361/

exe.dropper

http://schladzalniki.eko-bart.pl/cgi-bin/7f53903/

exe.dropper

https://mte1.cn/wp-includes/PkuVF1RiI/

exe.dropper

http://topkadry.com.ua/cgi-bin/dhH718397/

Targets

- Target
  
  ecd96bcfbfd4cf575a8720d72957a998_JaffaCakes118
- Size
  
  240KB
- MD5
  
  ecd96bcfbfd4cf575a8720d72957a998
- SHA1
  
  0cbbf0fa4dff29209e586e9af524668b94ba6f1e
- SHA256
  
  e484e9b8614dff68bd63e103a395b4e03576c2f72fdcba1ff45344012e0f51b6
- SHA512
  
  ba9379f229a86f3cd69a3e96d43028e7d8589f3071a2d776b2aed284fa7ac5b6b089502833bd0d3d6429882253f53ec4c32c9cf0f6c5cf3ccf7f25f03af6419f
- SSDEEP
  
  3072:0j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkRReZjBu7DgqwXE:0HgtEWPsL/aTyT9GkRRep1qw0
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy