General

  • Target

    eeb6ca1addd4949733222fdb491da878_JaffaCakes118

  • Size

    190KB

  • Sample

    240921-akn67awclf

  • MD5

    eeb6ca1addd4949733222fdb491da878

  • SHA1

    48f041a2fc4ebcb132aada778f3bfeb7d43a23bb

  • SHA256

    356b82eeebe4eebc57579bc3932589783542b3b169a2f2c85dfa0c78fddb7ac1

  • SHA512

    ccd7b704a352d640ecebd76c8faa75c6edf12f5145fb496f53f29e75da74e2ccb81f1bb8dff224929f1683f65efee05018d78281bc565701d23afccbc3d14c82

  • SSDEEP

    3072:uvHv22TWTogk079THcpOu5UZvNu81zUz4LKN5:E/TX07hHcJQ1uezUEL25

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

Tasks