General

  • Target

    ef0a51a0c448005dc87a79e14ab29b26_JaffaCakes118

  • Size

    224KB

  • Sample

    240921-eqcgssvaje

  • MD5

    ef0a51a0c448005dc87a79e14ab29b26

  • SHA1

    438cef80040f46b3e83faffb81bebb711f296c39

  • SHA256

    643d6086cc7145187bc48f08e906244f750cf3830ae09a58630b8074cdb916b4

  • SHA512

    faf3cab985eb817b1bfd7a8d058be31cb1025bedb3d276ac0e410ed6fd095b5136a81b043e6d509b2a77d2e3f4f17c70527a6aef1926d39dfb8397953f652720

  • SSDEEP

    3072:lV4PrXcuQuvpzm4bkiaMQgAlSmF62ezg2fS:cDRv1m4bnQgISmF6Lg2fS

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper  http://wynn838.com/wp-content/B/
    exe.dropper  https://menuazores.com/root/4eq/
    exe.dropper  https://www.lunalysis.com/images/P/
    exe.dropper  https://fedo.xyz/wp-admin/AaD/
    exe.dropper  http://themsc.net/cctqv/M/
    exe.dropper  http://earthinnovation.org/pcimonitor/d/
    exe.dropper  http://pastaciyiz.biz/wp-includes/1/

Targets

    • Target

      ef0a51a0c448005dc87a79e14ab29b26_JaffaCakes118

    • Size

      224KB

    • MD5

      ef0a51a0c448005dc87a79e14ab29b26

    • SHA1

      438cef80040f46b3e83faffb81bebb711f296c39

    • SHA256

      643d6086cc7145187bc48f08e906244f750cf3830ae09a58630b8074cdb916b4

    • SHA512

      faf3cab985eb817b1bfd7a8d058be31cb1025bedb3d276ac0e410ed6fd095b5136a81b043e6d509b2a77d2e3f4f17c70527a6aef1926d39dfb8397953f652720

    • SSDEEP

      3072:lV4PrXcuQuvpzm4bkiaMQgAlSmF62ezg2fS:cDRv1m4bnQgISmF6Lg2fS

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks