418535f82699ce0df10d39ac2798fcce30da6070fb7b9b0f28562d1146f49e69 | Triage

Submit
Reports

Overview

overview

Static

static

1

ef12da113b...18.doc

windows7-x64

ef12da113b...18.doc

windows10-2004-x64

6

Sharing

General

Target

ef12da113bc33f90f1333f3f09c48aae_JaffaCakes118
Size

153KB
Sample

240921-e6lqeavgmj
MD5

ef12da113bc33f90f1333f3f09c48aae
SHA1

b9706a0643cd89f07e25a8f43ed1d7b601e00a00
SHA256

418535f82699ce0df10d39ac2798fcce30da6070fb7b9b0f28562d1146f49e69
SHA512

0bd2d34824323cfefc354dbb1808f6474d978637e059c6be6aa71147432a5954533c63fbf10d69dc8c054f87b8750c4c52f89fb7d5ba90ab0867b7e5051f64b1
SSDEEP

1536:hAkT3yRFGEv0QtKPaOtMPAquK1gLadmpsHkkyeY+tB445TEgrO3jSWAg83tle1Ze:022TWTogk079THcpOu5UZ+rEuH

Score

10^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

ef12da113bc33f90f1333f3f09c48aae_JaffaCakes118.doc

Resource

win7-20240708-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef12da113bc33f90f1333f3f09c48aae_JaffaCakes118.doc

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.firhajshoes.com/wp-admin/RgaiT/

exe.dropper

http://fakeread.com/OneSignal-Web-SDK-HTTPS-Integration-Files/Wf/

exe.dropper

http://www.rttutoring.com/wp-includes/LlbY6o/

exe.dropper

http://blueskysol.com/sys-cache/2Rk/

exe.dropper

http://crazyboxs.com/cgi-bin/IaJ/

exe.dropper

http://www.paramedicaleducationguidelines.com/wp-admin/3jXU5Bp/

exe.dropper

http://nuhatoys.com/wp-admin/WWA4R/

Targets

- Target
  
  ef12da113bc33f90f1333f3f09c48aae_JaffaCakes118
- Size
  
  153KB
- MD5
  
  ef12da113bc33f90f1333f3f09c48aae
- SHA1
  
  b9706a0643cd89f07e25a8f43ed1d7b601e00a00
- SHA256
  
  418535f82699ce0df10d39ac2798fcce30da6070fb7b9b0f28562d1146f49e69
- SHA512
  
  0bd2d34824323cfefc354dbb1808f6474d978637e059c6be6aa71147432a5954533c63fbf10d69dc8c054f87b8750c4c52f89fb7d5ba90ab0867b7e5051f64b1
- SSDEEP
  
  1536:hAkT3yRFGEv0QtKPaOtMPAquK1gLadmpsHkkyeY+tB445TEgrO3jSWAg83tle1Ze:022TWTogk079THcpOu5UZ+rEuH
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy