General

  • Target

    edeec58569ed98cdfdd13cbc526c7d0e_JaffaCakes118

  • Size

    159KB

  • Sample

    240920-tcqjtsvbna

  • MD5

    edeec58569ed98cdfdd13cbc526c7d0e

  • SHA1

    6749591687c43582c870e405762ada3ed7530007

  • SHA256

    6ce61eccd50917328baca8baa337e8be84724ca3af434db260146552b5b901b7

  • SHA512

    b536ca31c925f66cdbfcbf99c0dc5434207302f24fde783764296afc3ef1809b7b460e239307cc710c08057dbd2a1058232add88e63747da59d2a889794513ae

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9YLln2/5Iq:9rfrzOH98ipg8L05Iq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs (each listed under source exe.dropper)

    http://wynn838.com/wp-content/enE/

    https://sertres.com/ivmej/p/

    https://viaje-achina.com/wp-admin/aG/

    https://aszcasino.com/aszdemo/AGA/

    https://bintangremaja.com/wp-content/U/

    https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/

    http://hk.olivellaline.com/gbi1e/2/

Targets

    • Target

      edeec58569ed98cdfdd13cbc526c7d0e_JaffaCakes118

    • Size

      159KB

    • MD5

      edeec58569ed98cdfdd13cbc526c7d0e

    • SHA1

      6749591687c43582c870e405762ada3ed7530007

    • SHA256

      6ce61eccd50917328baca8baa337e8be84724ca3af434db260146552b5b901b7

    • SHA512

      b536ca31c925f66cdbfcbf99c0dc5434207302f24fde783764296afc3ef1809b7b460e239307cc710c08057dbd2a1058232add88e63747da59d2a889794513ae

    • SSDEEP

      1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9YLln2/5Iq:9rfrzOH98ipg8L05Iq

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks