General

  • Target

    edf9781de4d9eaa0c6e44c626686f259_JaffaCakes118

  • Size

    150KB

  • Sample

    240920-tsmg4svhqb

  • MD5

    edf9781de4d9eaa0c6e44c626686f259

  • SHA1

    095b3cb41052b2ded586e39cdf29ebe390026b0b

  • SHA256

    5c9b61e7c24cc5d8b1dfdced53ee0347071660ed454abca451ec9ef2c1dca7e1

  • SHA512

    c2cad6f9a98f71fe87db7856fa6de49011b5fa5f653ca96ea0f71fe541c4763a3b9373b67f1025f5052236df3eb7285625c6e344ffec24abf7ac6952d45c5233

  • SSDEEP

    1536:TJVnK90GM9xuXFEr4Zx50zkGcclJvahtqByHXiNL0CMdfFB6Oy:TfCMbu1Ty+crS3XiNBUfFB6Oy

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: URLs
Targets

    • Target

      edf9781de4d9eaa0c6e44c626686f259_JaffaCakes118
    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks