General

  • Target: ed6428b8d3e8082dbd602561ad399213_JaffaCakes118
  • Size: 176KB
  • Sample: 240920-mgl9ms1gmb
  • MD5: ed6428b8d3e8082dbd602561ad399213
  • SHA1: 14b1339f026f000f1c162400b215d1b41b279b7d
  • SHA256: 6a4f1212417249a2a041859ef4fcb7c2968111ee6273aaf0fa840e06c7905b52
  • SHA512: 29716e94adcd5f0aa684a5177694f96d8d5d8106d403caea54712b06398afccaf71babf20989370922d9e3bf7067cdaecd1d8550ac9f6a978f10ae331206aee9
  • SSDEEP: 3072:UUqJ1NgsA8k/gvh0NZ0lGX1nZ7hq7Q8eK0:UBtgVIveNZvn+88x0

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
