General

  • Target

    eec16311c84becfce8619f51c1cab24a_JaffaCakes118

  • Size

    161KB

  • Sample

    240921-a435fsxcrp

  • MD5

    eec16311c84becfce8619f51c1cab24a

  • SHA1

    bbaea1dfffd3b9009a473cc66b1a2b8bde828b28

  • SHA256

    16f75edb898e43ae44ff9318faed5391597f8d7c77da9893a18293408da5194c

  • SHA512

    4383c32ae8ee4212a6bbd4d634cdc172d1f3bbd976429e5c82736f521f09cd0708251101e73e8e8fda5100f952e7fc71426cb3472b1aa8770bedb2763a7de50e

  • SSDEEP

    3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTcWJ3/t5AtmAB:+Ct+zjR9/TX07hHcJQ9Jvt5AtmAB

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://khobormalda.com/wp-content/82/

    http://blog.zunapro.com/wp-admin/LEE/

    http://megasolucoesti.com/R9KDq0O8w/Y/

    https://online24h.biz/wp-admin/K/

    https://fepami.com/wp-includes/eaI/

    http://ora-ks.com/system/cache/w/

    http://padamagro.com/wp-admin/Nc/

Targets

    • Target

      eec16311c84becfce8619f51c1cab24a_JaffaCakes118

    • Size

      161KB

    • MD5

      eec16311c84becfce8619f51c1cab24a

    • SHA1

      bbaea1dfffd3b9009a473cc66b1a2b8bde828b28

    • SHA256

      16f75edb898e43ae44ff9318faed5391597f8d7c77da9893a18293408da5194c

    • SHA512

      4383c32ae8ee4212a6bbd4d634cdc172d1f3bbd976429e5c82736f521f09cd0708251101e73e8e8fda5100f952e7fc71426cb3472b1aa8770bedb2763a7de50e

    • SSDEEP

      3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTcWJ3/t5AtmAB:+Ct+zjR9/TX07hHcJQ9Jvt5AtmAB

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
