Overview

overview

10

Static

static

1

fdded2aef6...18.doc

windows7-x64

10

fdded2aef6...18.doc

windows10-2004-x64

6

Sharing

Copy URL Twitter E-mail

General

  • Target

    fdded2aef6a62c9353284d3ae959899c_JaffaCakes118

  • Size

    141KB

  • Sample

    240929-fz127atgmd

  • MD5

    fdded2aef6a62c9353284d3ae959899c

  • SHA1

    6bc578587dcf5b31b9a6579e732471c7404e6cae

  • SHA256

    dade9df0dc4f0946c890687fe36e0d7606ab7e2679a0cfb77ebf88e0881be28f

  • SHA512

    adc6675f3d81da71d5c3673878e9a27d7c4758cfd528e08e8684daadaa1b9d8f667448d9fa4375410e54851b7e3d7a2ba4afbc7c10733fb3a1c77dc6aa6deb93

  • SSDEEP

    1536:ALRD3bNqfNpu39IId5a6XP3Mg8afCqe6oF3Cgar3Pd0MZXiNjLooZ:8R1qf69xak3MgxCAoMFr3Pd0MZXiNPvZ

Score
10/10
discovery

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://shop.mtcss.co.uk/wp-admin/USQFPj/
exe.dropper

https://handfinger.com/wp-includes/iCY/
exe.dropper

http://hanulmotors.com/nbqso/8Tz/
exe.dropper

http://helpinghands4needy.org/wp-content/LgrI9g/
exe.dropper

http://www.ecobaratocanaria.com/wordpress/Jt/
exe.dropper

http://macerindia.com/wp-content/hRS/
exe.dropper

http://cfn.tvstartup.com/wp-content/7dNH1LI/

Targets

    • Target

      fdded2aef6a62c9353284d3ae959899c_JaffaCakes118

    • Size

      141KB

    • MD5

      fdded2aef6a62c9353284d3ae959899c

    • SHA1

      6bc578587dcf5b31b9a6579e732471c7404e6cae

    • SHA256

      dade9df0dc4f0946c890687fe36e0d7606ab7e2679a0cfb77ebf88e0881be28f

    • SHA512

      adc6675f3d81da71d5c3673878e9a27d7c4758cfd528e08e8684daadaa1b9d8f667448d9fa4375410e54851b7e3d7a2ba4afbc7c10733fb3a1c77dc6aa6deb93

    • SSDEEP

      1536:ALRD3bNqfNpu39IId5a6XP3Mg8afCqe6oF3Cgar3Pd0MZXiNjLooZ:8R1qf69xak3MgxCAoMFr3Pd0MZXiNPvZ

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks