General

  • Target

    edc97dae3f762b0da37457fb7849b629_JaffaCakes118

  • Size

    159KB

  • Sample

    240920-rs5yca1gkp

  • MD5

    edc97dae3f762b0da37457fb7849b629

  • SHA1

    23ab7a4114f60c795a460cc5277f758f0416bef0

  • SHA256

    a74eb2487d0be68d65959de76c579a922dcc50550558e02136b60e540b5f5100

  • SHA512

    1c06219f0f3521b77afafc385000f646b8e423d4c1645f1b66a966125ef4b25c8f5344630dc1cf4943652d230dd631eda274d711726a219509f06f21bb50e6b8

  • SSDEEP

    1536:+iaqasrdi1Ir77zOH98Wj2gpngx+a9XxRiqLE8ct2PU7eXKSSxH5ppJxyFWb:+0rfrzOH98ipg/kJxyFWb

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://77yxx.com/b5rh/bZxS/
    http://shahramookht.com/t1k12k7t/8jq/
    http://www.aciitaly.com/adminer-master/gkI/
    https://codelta.es/images/9S35FR/
    https://burstoutloud.com/PPL/Hf/
    https://targetin.com/Silder-1/naK/
    http://dbestfishing.com.sg/67s/wfe/

Targets

    • Target

      edc97dae3f762b0da37457fb7849b629_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or a malicious macro; for a ps1 dropper like this one the unexpected child is usually a script host such as powershell.exe.

    • Blocklisted process makes network request

      Consistent with the download stage of the extracted PowerShell, which tries the exe.dropper URLs listed under Malware Config.

    • Drops file in System32 directory
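As an added triage example that is not part of the sandbox report: the script below turns the extracted exe.dropper URLs into defanged indicators and replays the three behavioural signatures above over constructed Sysmon-style telemetry. Only the URLs are taken from the report; the event fields, the Office-parent and script-host lists, the System32 rule approximation, and the sample events (including the payload file name) are assumptions made for illustration, not the sandbox's own schema or rules.

```python
"""Added triage example, not part of the sandbox report: defang the extracted
exe.dropper URLs and replay the three behavioural signatures over constructed
Sysmon-style telemetry. Event fields, parent/script-host lists and sample
events are assumptions, not the sandbox's own schema or rules."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# exe.dropper URLs copied from the report's Malware Config section.
DROPPER_URLS = [
    "http://77yxx.com/b5rh/bZxS/",
    "http://shahramookht.com/t1k12k7t/8jq/",
    "http://www.aciitaly.com/adminer-master/gkI/",
    "https://codelta.es/images/9S35FR/",
    "https://burstoutloud.com/PPL/Hf/",
    "https://targetin.com/Silder-1/naK/",
    "http://dbestfishing.com.sg/67s/wfe/",
]
# Assumed maldoc parents (the report does not name the parent process) and the
# script hosts treated as blocklisted for outbound network activity here.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

@dataclass(frozen=True)
class ProcEvent:  # process creation (Sysmon EID 1 style)
    pid: int
    image: str
    parent_image: str

@dataclass(frozen=True)
class NetEvent:  # outbound connection or DNS query (Sysmon EID 3/22 style)
    pid: int
    image: str
    dest_host: str

@dataclass(frozen=True)
class FileEvent:  # file create (Sysmon EID 11 style)
    pid: int
    image: str
    target_path: str

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def defang(url: str) -> str:
    """Ticket-safe form: http -> hxxp and dots in the host bracketed."""
    p = urlsplit(url)
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}"

def dropper_hosts(urls) -> set:
    return {urlsplit(u).hostname.lower() for u in urls}

def unexpected_children(procs):
    """Signature 'Process spawned unexpected child process': Office parent -> script host."""
    return [e for e in procs
            if basename(e.parent_image) in OFFICE_PARENTS and basename(e.image) in SCRIPT_HOSTS]

def blocklisted_network(nets, hosts):
    """Signature 'Blocklisted process makes network request': script host reaching a dropper host."""
    return [e for e in nets if basename(e.image) in SCRIPT_HOSTS and e.dest_host.lower() in hosts]

def system32_drops(files):
    """Signature 'Drops file in System32 directory', approximated here as a PE written
    under System32 by a script host (the report does not give the exact rule)."""
    return [e for e in files
            if e.target_path.lower().startswith(SYSTEM32)
            and e.target_path.lower().endswith((".exe", ".dll"))
            and basename(e.image) in SCRIPT_HOSTS]

# Constructed telemetry: one maldoc chain (pid 4412 -> 4520) plus benign noise.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
SAMPLE_PROCS = [
    ProcEvent(4412, WORD, EXPLORER),
    ProcEvent(4520, PS, WORD),      # macro-launched PowerShell stage
    ProcEvent(4600, PS, EXPLORER),  # interactive PowerShell, benign
]
SAMPLE_NET = [
    NetEvent(4520, PS, "77yxx.com"),            # first dropper host from the config
    NetEvent(4600, PS, "www.microsoft.com"),    # benign
    NetEvent(4412, WORD, "shahramookht.com"),   # Word itself: outside this rule's scope
]
SAMPLE_FILES = [
    FileEvent(4520, PS, r"C:\Windows\System32\wrdsvc.exe"),  # constructed payload name
    FileEvent(4600, PS, r"C:\Users\alice\notes.txt"),
]

def triage(procs, nets, files, urls=DROPPER_URLS) -> dict:
    """Return defanged IOCs plus the pids each signature fires on."""
    hosts = dropper_hosts(urls)
    return {
        "iocs": [defang(u) for u in urls],
        "unexpected_child_pids": [e.pid for e in unexpected_children(procs)],
        "blocklisted_network_pids": [e.pid for e in blocklisted_network(nets, hosts)],
        "system32_drop_pids": [e.pid for e in system32_drops(files)],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROCS, SAMPLE_NET, SAMPLE_FILES).items():
        print(key, value)
```

Run stand-alone it flags pid 4520 under all three signatures and leaves the interactive PowerShell session alone; note that Word itself contacting a dropper host is deliberately outside the blocklisted-process rule, so a real deployment would pair it with a plain destination-host match on the IOC set.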
