General

  • Target

    eddd2a421aa1de337ae7bcec763138bb_JaffaCakes118

  • Size

    196KB

  • Sample

    240920-sl4x5ssgnc

  • MD5

    eddd2a421aa1de337ae7bcec763138bb

  • SHA1

    b4712a21df1c31b4d5924e15167f4ff943de6e5d

  • SHA256

    ce99d6a97e21495a2133ae942cc02e674461cbcbd4065b65eabdb8bbcfa5743d

  • SHA512

    2a62e27052c45991b021aa72c24598a3a296dbd3a4b98c7231a11cf63c5e8828e63ea07785b18db3558b085ab64f7bd6fdaea1152470c18bb82629d5fe2ec4fd

  • SSDEEP

    3072:8YSd22TWTogk079THcpOu5UZWXuSTLGetmsheCZb:Q/TX07hHcJQTSfDmSl

Score
10/10

Malware Config

Extracted

Language: ps1
Source: URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks