General

  • Target

    ee3aa76009869d8f92eaff7039e38c9c_JaffaCakes118

  • Size

    149KB

  • Sample

    240920-xlc7mssdnl

  • MD5

    ee3aa76009869d8f92eaff7039e38c9c

  • SHA1

    355c2a43a070b25a4852d3f3957cb654f0a40be5

  • SHA256

    75b77dbe974f5881fa3c5321ca387ec5f36654debdfcd17322eb2e1a98f7b17b

  • SHA512

    e3a70dfdf89ad1210b2f00475d32c369a032a0bb32bcba8525bbcc2009a2bff65b5551043d6db1d979ddb408229f09da48baa9d8c7acd39d607f813abad3d8ef

  • SSDEEP

    3072:dLAzJ85LuMoeffRcescowUYrktr+Wj7Gq7:48B2r1HYkcWjj7

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://voguefitz.com/wp-content/se/

  • exe.dropper

    http://www.coop-yeboekon.net/wp-admin/w/

  • exe.dropper

    https://hotelunique.com/cardapios/T8U/

  • exe.dropper

    https://prafulloorja.org/2wvl/P/

  • exe.dropper

    http://turbineseuperfil.online/sitetarget/7G/

  • exe.dropper

    http://guarany.net/zefiro/DDI/

  • exe.dropper

    https://fairplay.company/wp-includes/00/

Targets

    • Target

      ee3aa76009869d8f92eaff7039e38c9c_JaffaCakes118

    • Size

      149KB

    • MD5

      ee3aa76009869d8f92eaff7039e38c9c

    • SHA1

      355c2a43a070b25a4852d3f3957cb654f0a40be5

    • SHA256

      75b77dbe974f5881fa3c5321ca387ec5f36654debdfcd17322eb2e1a98f7b17b

    • SHA512

      e3a70dfdf89ad1210b2f00475d32c369a032a0bb32bcba8525bbcc2009a2bff65b5551043d6db1d979ddb408229f09da48baa9d8c7acd39d607f813abad3d8ef

    • SSDEEP

      3072:dLAzJ85LuMoeffRcescowUYrktr+Wj7Gq7:48B2r1HYkcWjj7

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks