General

  • Target: efaed0b6d5b4123bb87f9bb06e7dc87d_JaffaCakes118
  • Size: 160KB
  • Sample: 240921-ngd4pszdnr
  • MD5: efaed0b6d5b4123bb87f9bb06e7dc87d
  • SHA1: 7b29440e59a455fb8e7668c52a0a5f4db191bee7
  • SHA256: 8b418d7e9d70f4af059c6057afdb2ac4e4d7dab67843b9ebfb323cc7193db567
  • SHA512: 077881451a7aeb346584684324f36cfa73df78d90c1b3ee7ebf7c6cab507251160a86abedcfb8faa2c14c5ed600689183e534c5a76b7e17303795133e11b7647
  • SSDEEP: 3072:+KNtK1zjRjJz22TWTogk079THcpOu5UZTXWJ3/t5Atm7p:+Ct+zjR9/TX07hHcJQqJvt5Atm7p

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source / URLs (each entry is an exe.dropper source):
    • exe.dropper: http://khobormalda.com/wp-content/82/
    • exe.dropper: http://blog.zunapro.com/wp-admin/LEE/
    • exe.dropper: http://megasolucoesti.com/R9KDq0O8w/Y/
    • exe.dropper: https://online24h.biz/wp-admin/K/
    • exe.dropper: https://fepami.com/wp-includes/eaI/
    • exe.dropper: http://ora-ks.com/system/cache/w/
    • exe.dropper: http://padamagro.com/wp-admin/Nc/

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks