General

  • Target: ede920e33bf883346c223eac32a14009_JaffaCakes118
  • Size: 151KB
  • Sample: 240920-s5w2msvbqn
  • MD5: ede920e33bf883346c223eac32a14009
  • SHA1: 3c6136c0256eb0efd24bb7b6ed1d51cdf89f4232
  • SHA256: 702bb18956c03e76973b7b64978c4b5749dbec33a6029901864814e9f79d0c22
  • SHA512: f062e33b2e95eed608fa17e12f12a0acf68da5c202c72f0882609d2b3c6c6600246d86ac03d151ae57e1db448c91104195fc55cf9fd499e90287a259a602e91a
  • SSDEEP: 1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9KrqYzE4gLMPxzwF:irfrzOH98ipgoqYzE4NxzwF

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks