General

  • Target

    ee235c6bd0f78cd402995bd41b3a8acc_JaffaCakes118

  • Size

    130KB

  • Sample

    240920-wk2m6szdkm

  • MD5

    ee235c6bd0f78cd402995bd41b3a8acc

  • SHA1

    92726d802033e9009f72066e87db44bfc1c6c247

  • SHA256

    047dcdea43b6f5d6401073b49c7773d698b0815f45ec97a05c6e8ffd77ba05c7

  • SHA512

    be99f6eb6d0193406a29908460dd25676da49583f65872fa3d46c7912806ce1ddfdcb671f509bd695323f571e54640cd53bdd247bd51d713a51a9c362dc6cc40

  • SSDEEP

    1536:8KSDRD3bNqfNpu39IId5a6XP3Mg8afCqFiNmmGdJxnX9:sR1qf69xak3MgxCCwmmYrnX9

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

    http://hopekonnect.com/cgi-bin/v3DD/
    http://cabinetaccuracy.com/wp-includes/n90DBu/
    http://ksulo.com/wp-admin/NvruA/
    https://travcalls.com/blogs/bslVh/
    https://raanivastra.com/wp-content/q/
    http://231brewingco.com/wp-includes/gwUy/
    http://mealeapalacegate.com/cgi-bin/G/

Targets

    • Target

      ee235c6bd0f78cd402995bd41b3a8acc_JaffaCakes118

    • Size

      130KB

    • MD5

      ee235c6bd0f78cd402995bd41b3a8acc

    • SHA1

      92726d802033e9009f72066e87db44bfc1c6c247

    • SHA256

      047dcdea43b6f5d6401073b49c7773d698b0815f45ec97a05c6e8ffd77ba05c7

    • SHA512

      be99f6eb6d0193406a29908460dd25676da49583f65872fa3d46c7912806ce1ddfdcb671f509bd695323f571e54640cd53bdd247bd51d713a51a9c362dc6cc40

    • SSDEEP

      1536:8KSDRD3bNqfNpu39IId5a6XP3Mg8afCqFiNmmGdJxnX9:sR1qf69xak3MgxCCwmmYrnX9

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
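As an added example that is not part of the sandbox report, the Python below turns the two behavioural signatures above ("Process spawned unexpected child process" and "Blocklisted process makes network request") and the extracted dropper URLs into a small offline detector. It walks a stream of process-creation and network events, flags a scripting host or LOLBin launched by a document handler, treats that process and its descendants as blocklisted, and reports any network contact they make, marking contacts to the extracted dropper hosts separately. The report does not name the parent that spawned the child, so the `DOC_PARENTS` and `SUSPECT_CHILDREN` lists, the event record layout and the sample events are all assumptions constructed for this example; only the URLs are taken from the page.

```python
"""Offline detector for the two sandbox signatures, with the extracted
dropper URLs used as network IOCs. Added example, not sandbox output."""
import re
from urllib.parse import urlparse

# URLs copied from the report's extracted ps1 config; treated purely as data.
DROPPER_URLS = [
    "http://hopekonnect.com/cgi-bin/v3DD/",
    "http://cabinetaccuracy.com/wp-includes/n90DBu/",
    "http://ksulo.com/wp-admin/NvruA/",
    "https://travcalls.com/blogs/bslVh/",
    "https://raanivastra.com/wp-content/q/",
    "http://231brewingco.com/wp-includes/gwUy/",
    "http://mealeapalacegate.com/cgi-bin/G/",
]

# Assumption: the report does not name the parent process; these are the
# document handlers whose child processes a macro or exploit would abuse.
DOC_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Assumption: script hosts and LOLBins a compromised document typically spawns.
SUSPECT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def dropper_hosts(urls=DROPPER_URLS) -> set:
    """Hostnames from the extracted dropper URLs, for matching network events."""
    return {urlparse(u).hostname.lower() for u in urls}


def defang(url: str) -> str:
    """Defang scheme and host so the URL is safe to paste into a report."""
    p = urlparse(url)
    return p._replace(scheme=p.scheme.replace("http", "hxxp"),
                      netloc=p.netloc.replace(".", "[.]")).geturl()


def detect(events):
    """Apply both signatures to an ordered stream of events.

    Each event is a dict: type "process" carries pid, ppid, image, parent_image;
    type "network" carries pid and dest_host. Returns (rule, pid, detail) tuples.
    A process flagged by the first rule, and every descendant of it, counts as
    blocklisted for the network rule.
    """
    hosts = dropper_hosts()
    blocklisted = set()
    findings = []
    for ev in events:
        if ev["type"] == "process":
            parent, child = basename(ev["parent_image"]), basename(ev["image"])
            if parent in DOC_PARENTS and child in SUSPECT_CHILDREN:
                blocklisted.add(ev["pid"])
                findings.append(("unexpected_child", ev["pid"], f"{parent} -> {child}"))
            elif ev["ppid"] in blocklisted:
                blocklisted.add(ev["pid"])
                findings.append(("blocklisted_descendant", ev["pid"], f"{parent} -> {child}"))
        elif ev["type"] == "network" and ev["pid"] in blocklisted:
            host = ev["dest_host"].lower()
            rule = "dropper_contact" if host in hosts else "blocklisted_network"
            findings.append((rule, ev["pid"], host))
    return findings


# Constructed sample telemetry (not taken from the sandbox run): a normal
# logon chain, Word opening a document, Word spawning PowerShell, PowerShell
# fetching a dropper URL and then launching cmd.exe, which beacons out.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4000, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe"},
    {"type": "process", "pid": 4100, "ppid": 4000,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "network", "pid": 4100, "dest_host": "officeclient.microsoft.com", "dest_port": 443},
    {"type": "process", "pid": 4242, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "network", "pid": 4242, "dest_host": "hopekonnect.com", "dest_port": 80},
    {"type": "process", "pid": 4300, "ppid": 4242, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "network", "pid": 4300, "dest_host": "203.0.113.5", "dest_port": 8080},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
    print("IOCs:", *(defang(u) for u in DROPPER_URLS), sep="\n  ")
```

Word's own connection to a Microsoft host produces no finding, because the network rule only fires for processes the child-process rule has already flagged; this is what keeps the second signature from being a generic "Office talked to the network" alert.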

MITRE ATT&CK Enterprise v15

Tasks