General

  • Target

    edc64fe168d272542cb11c3e1f3527af_JaffaCakes118

  • Size

    192KB

  • Sample

    240920-rnqb4a1ekn

  • MD5

    edc64fe168d272542cb11c3e1f3527af

  • SHA1

    7ed0e29f1093a04015144a05ad8d555e2bcba64e

  • SHA256

    b2bff83e324b221fb399d81c45adc6aa217cf5c97c2b7cacd5d92e8fb8757373

  • SHA512

    12bf8ef1612c5766adc334e4d421c70836379dc9ec2ef8a4b8fb92b6f2dfb6887f7d9d253e524b7a06761882e332710ddaf4329ea423e18d8352d02f014af223

  • SSDEEP

    1536:+rdi1Ir77zOH98Wj2gpng9+a9ik1q9Dba/qrHEs+nPyNdOx7ceX:+rfrzOH98ipgIva/qTX+nPyLOBFX

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://zplusshopping.com/wp-content/plugins/8ek/
    https://www.cupgel.com/__MACOSX/3/
    http://freespiritmind.com/MASD/HowTo/css/J/
    http://crewnecksusa.com/wp-content/NJ/
    http://www.dougsuniverse.com/pics/yL8/
    https://idilsoft.com/admin/B/
    https://guhaasmart.com/wp-content/s/

Targets

    • Target

      edc64fe168d272542cb11c3e1f3527af_JaffaCakes118

    • Size

      192KB

    • MD5

      edc64fe168d272542cb11c3e1f3527af

    • SHA1

      7ed0e29f1093a04015144a05ad8d555e2bcba64e

    • SHA256

      b2bff83e324b221fb399d81c45adc6aa217cf5c97c2b7cacd5d92e8fb8757373

    • SHA512

      12bf8ef1612c5766adc334e4d421c70836379dc9ec2ef8a4b8fb92b6f2dfb6887f7d9d253e524b7a06761882e332710ddaf4329ea423e18d8352d02f014af223

    • SSDEEP

      1536:+rdi1Ir77zOH98Wj2gpng9+a9ik1q9Dba/qrHEs+nPyNdOx7ceX:+rfrzOH98ipgIva/qTX+nPyLOBFX

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks