General

  • Target

    f984c470c0f569914cbf5cb343613808_JaffaCakes118

  • Size

    157KB

  • Sample

    240927-cn2b2asgne

  • MD5

    f984c470c0f569914cbf5cb343613808

  • SHA1

    65a0c8fc34051ddaa7230d78aaa62d69657db7e4

  • SHA256

    ca94909f7c965de717109a19516d02b75fe6239e99684c5c3438e8a353509c94

  • SHA512

    782f062fb5805dfb2f1db4367800c723a8505581da27eb160454ed211efe35ffa0502135c90339ff9258d58d853c8ab623bf8a0ce4e22c2c62a19875d57259df

  • SSDEEP

    1536:ERWfcRWfsrdi1Ir77zOH98Wj2gpngd+a986Fgx+5eZ:ErfrzOH98ipg06FO+EZ

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source: exe.dropper
  • URLs


Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Drops file in System32 directory
