General

  • Target

    efc7496971852273333878565f1ae42e_JaffaCakes118

  • Size

    150KB

  • Sample

    240921-phfjlasbpk

  • MD5

    efc7496971852273333878565f1ae42e

  • SHA1

    c468adf96fd23d361be89ad9c0d6dfee13de84d2

  • SHA256

    83fd6559644d926b48ff4919dd0db8f0965145851fbb586ad9fa10038412e229

  • SHA512

    9cc455a62c0673eaf0a53d09e97a55a3757aae9756faa387d90bab54dddeb3f24dcc667e7eaee2dd955163ed1d9dcd4f4d0092ca286023004c0e7d1d59300c9b

  • SSDEEP

    1536:TJVnK90GM9xuXFEr4Zx50zkGcclJvahtq4EHXiNL0CMdfFB6O2:TfCMbu1Ty+crSUXiNBUfFB6O2

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper


Targets

    • Target

      efc7496971852273333878565f1ae42e_JaffaCakes118

    • Size

      150KB


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
