General

  • Target

    eef3b819be406ef7408059d08dd393b1_JaffaCakes118

  • Size

    187KB

  • Sample

    240921-djlw8ascjp

  • MD5

    eef3b819be406ef7408059d08dd393b1

  • SHA1

    d10c57a77e5e893eadc4f183c69cf545039a0bcd

  • SHA256

    9243618e3533ddf75d1106555b3aad908b5a34d8ae7a1065a683bf73e6b21a4d

  • SHA512

    823c29ca73cda047d5365086e8aa6a5d6f411d6ded4fbd35459b967d90ec6dbd44530f923e073a25c0579b018b988b62f7649d0ed6586f083964bfac32570b1f

  • SSDEEP

    3072:dA9ov+mLIX7wzt0HHDnwjacRHvvvvZo8gEmv:Sat0TwDRi8gEmv

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

Targets

    • Target

      eef3b819be406ef7408059d08dd393b1_JaffaCakes118


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
