General

  • Target

    ee0b2933db4e04a116f876cb28ecc2cf_JaffaCakes118

  • Size

    153KB

  • Sample

    240920-vkl22sxbqf

  • MD5

    ee0b2933db4e04a116f876cb28ecc2cf

  • SHA1

    ee2df00d5a62f81b723e52e65322dc5e94a94342

  • SHA256

    47c8e3e92b05f289d4c090f3405365aa37f8e0d0bfce6535dc59d999117a2fda

  • SHA512

    eaa16b1ec4f019a3b9e252b62d9b7fb3fdd1b88761ebf2c40ce8ff2ddfe469a7efede5bdb81ae1c3a04710490c30ba596f08f2c3ccc021d04c8bb3f68476e271

  • SSDEEP

    1536:hAkT3yRFGEv0QtKPaOtMPAquK1gLadmpsHkkyeY+tB445TEgrO3jSWAg83tle1ZS:022TWTogk079THcpOu5UZ+DEuP

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://www.firhajshoes.com/wp-admin/RgaiT/
    http://fakeread.com/OneSignal-Web-SDK-HTTPS-Integration-Files/Wf/
    http://www.rttutoring.com/wp-includes/LlbY6o/
    http://blueskysol.com/sys-cache/2Rk/
    http://crazyboxs.com/cgi-bin/IaJ/
    http://www.paramedicaleducationguidelines.com/wp-admin/3jXU5Bp/
    http://nuhatoys.com/wp-admin/WWA4R/

Targets
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
