General

  • Target

    ff03d3b4f16feac49f2940c637d8b05c_JaffaCakes118

  • Size

    149KB

  • Sample

    240929-vzshdatakq

  • MD5

    ff03d3b4f16feac49f2940c637d8b05c

  • SHA1

    8b2792693260f4c212fd0dce3a19f2a0513facfb

  • SHA256

    c7678263136c72eae4c2d6509a5b7b56e6a1737087b40b9757c0bc424b627fd5

  • SHA512

    125880bfb3fc05111108832458bb97603c1f44ba421aebe1c60f6df45b23cd40cda31569d159b6c038d2cb888628ae3fa428305d264e5d8b796efc9a6829ee2a

  • SSDEEP

    3072:dLAzJ85LuMoeffRcescowUYrktrQWj7GqT:48B2r1HYkOWjjT

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15