General

  • Target

    f9d44d746f66a4e1b15eabc3a13494da_JaffaCakes118

  • Size

    175KB

  • Sample

    240927-gf3x4s1brd

  • MD5

    f9d44d746f66a4e1b15eabc3a13494da

  • SHA1

    61a192b4ac025c18013aa54e5e6fa1ae1ef51b02

  • SHA256

    2c5f35f76a22d176543b8d304110007e10fa6f0a0baa89beb08e738aa86e7028

  • SHA512

    cab128f6ebb2991608492cd0672e0c1ee8373db3edfd5a14267c4eb5be883727527f764d921df09ecce2310e645ded3fd7de0e7f880dc2b7c2e256377bc20b89

  • SSDEEP

    3072:R4PrXcuQuvpzm4bkiaMQgAlSBHmDaZ+XuS1MxnEpST6Cm1PU7wRDqeC:mDRv1m4bnQgISBbZZA87wRDqeC

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://bsc5000.com/aspnet_client/bw/
    http://badamboom.com/zxwxo/qkm/
    https://coolsculptingbangkok.clinic/filterl/s/
    https://via0.com/wp-admin/js/grZw/
    http://kohsorkh-sarzamin-man.ir/wkyhhb/d2djxo/
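The five exe.dropper URLs are the actionable part of this config: a PowerShell stager that tries each location in turn until one serves the payload. The following is an added example, not part of the sandbox report, showing how to turn that list into indicators and check proxy log lines against them. Paths such as /wp-admin/js/ and /aspnet_client/ usually belong to compromised, otherwise legitimate web servers, so the example matches on the full host-plus-path prefix and reports a bare host match separately, to avoid blocking the whole site. The log line format (timestamp, client, URL, status) and the sample lines are constructed for illustration.

```python
"""Turn the exe.dropper URLs from a sandbox config into indicators and
match them against proxy log lines.

Added example, not part of the sandbox report. The log lines below are
constructed; the URLs are the ones listed in the report's extracted config.
"""
from urllib.parse import urlparse

# The five exe.dropper URLs from the extracted ps1 config.
DROPPER_URLS = [
    "http://bsc5000.com/aspnet_client/bw/",
    "http://badamboom.com/zxwxo/qkm/",
    "https://coolsculptingbangkok.clinic/filterl/s/",
    "https://via0.com/wp-admin/js/grZw/",
    "http://kohsorkh-sarzamin-man.ir/wkyhhb/d2djxo/",
]


def build_indicators(urls):
    """Return (hosts, prefixes) derived from the dropper URLs.

    hosts:    lower-cased hostnames, for DNS or proxy lookups.
    prefixes: (host, path) pairs for path-prefix matching; several of these
              look like compromised sites, so a host-wide block would also
              hit the site's legitimate traffic.
    """
    hosts = set()
    prefixes = set()
    for u in urls:
        p = urlparse(u)
        host = p.hostname.lower()
        hosts.add(host)
        prefixes.add((host, p.path.rstrip("/") + "/"))
    return hosts, prefixes


def classify_request(url, hosts, prefixes):
    """'url' if the request is under a dropper path, 'host' if only the
    host matches, None otherwise."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if host not in hosts:
        return None
    path = p.path or "/"
    for h, prefix in prefixes:
        if h == host and path.startswith(prefix):
            return "url"
    return "host"


def scan_proxy_log(lines, urls=DROPPER_URLS):
    """Scan whitespace-separated proxy log lines (timestamp client url ...)
    and return [(line_no, client, url, verdict)] for every hit."""
    hosts, prefixes = build_indicators(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        verdict = classify_request(fields[2], hosts, prefixes)
        if verdict:
            hits.append((n, fields[1], fields[2], verdict))
    return hits


# Constructed sample lines (not from the report): one dropper-path hit,
# one host-only hit, one unrelated request.
SAMPLE_LOG = [
    "2024-09-27T07:01:12Z 10.0.0.15 https://via0.com/wp-admin/js/grZw/ 200",
    "2024-09-27T07:01:13Z 10.0.0.15 http://badamboom.com/index.html 200",
    "2024-09-27T07:01:14Z 10.0.0.22 https://example.com/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A 'url' verdict is a strong signal that the stager ran on the client; a 'host' verdict on its own only says the client touched a site that also hosts a dropper path and should be triaged, not blocked outright.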

Targets

    • Target

      f9d44d746f66a4e1b15eabc3a13494da_JaffaCakes118

    • Size

      175KB

    • MD5

      f9d44d746f66a4e1b15eabc3a13494da

    • SHA1

      61a192b4ac025c18013aa54e5e6fa1ae1ef51b02

    • SHA256

      2c5f35f76a22d176543b8d304110007e10fa6f0a0baa89beb08e738aa86e7028

    • SHA512

      cab128f6ebb2991608492cd0672e0c1ee8373db3edfd5a14267c4eb5be883727527f764d921df09ecce2310e645ded3fd7de0e7f880dc2b7c2e256377bc20b89

    • SSDEEP

      3072:R4PrXcuQuvpzm4bkiaMQgAlSBHmDaZ+XuS1MxnEpST6Cm1PU7wRDqeC:mDRv1m4bnQgISBbZZA87wRDqeC

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
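The first signature above fires on a parent/child relationship rather than on the child alone: a process that handles documents has no reason to start a shell or script host, so when it does, the macro or exploit case the signature text mentions is the usual explanation. The following is an added example of that check over process-creation events, not the sandbox's own signature logic. The sets of document-handling parents and script-host children, the benign exception (32-bit Office starting splwow64.exe when printing), and the sample events are assumptions for illustration.

```python
"""Flag document handlers that spawn shells or script hosts: the pattern
behind a 'process spawned unexpected child process' hit.

Added example, not the sandbox's own signature logic. The process lists
and the sample events below are assumptions for illustration.
"""
import ntpath
from collections import namedtuple

ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")

# Parents that have no business launching a shell (assumed; extend per estate).
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe",
                     "outlook.exe", "acrord32.exe"}
# Children that mean script or shell execution under such a parent.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
                "certutil.exe"}
# Known-benign children: 32-bit Office starts splwow64.exe when printing.
ALLOWED_CHILDREN = {"splwow64.exe"}


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()


def find_unexpected_children(events):
    """Return a list of {'parent', 'child', 'severity'} for children of a
    document handler that are not on the allow list: 'high' when the child
    is a script host or shell, 'low' for any other unexpected child."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None or basename(parent.image) not in DOCUMENT_HANDLERS:
            continue
        cname = basename(child.image)
        if cname in ALLOWED_CHILDREN:
            continue
        severity = "high" if cname in SCRIPT_HOSTS else "low"
        hits.append({"parent": parent, "child": child, "severity": severity})
    return hits


def format_alert(hit):
    """One-line summary suitable for a SIEM alert."""
    p, c = hit["parent"], hit["child"]
    return (f"[{hit['severity']}] {basename(p.image)} (pid {p.pid}) -> "
            f"{basename(c.image)} (pid {c.pid}): {c.cmdline}")


# Constructed process-creation events (not from the report's task output).
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100,
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              'WINWORD.EXE /n "C:\\Users\\user\\Downloads\\invoice.doc"'),
    ProcEvent(300, 200,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -nop -c <constructed placeholder>"),
    ProcEvent(301, 200, r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
    ProcEvent(400, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
]

if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(format_alert(hit))
```

Only the WINWORD.EXE to powershell.exe pair is reported; the splwow64.exe child is on the allow list and cmd.exe under explorer.exe is ordinary user activity. Matching on the parent's image name rather than the child's command line is what makes the check robust to the obfuscated arguments a stager like the one in this config typically uses.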

MITRE ATT&CK Enterprise v15

Tasks