ea4bcbe90240950b3246ac90b8c4dbf5c2f03b839328ea0583e893e0ad72ddb9

General

Target

0287c310be61abadd714d26d78a476fe_JaffaCakes118
Size

152KB
Sample

240427-f5584acb37
MD5

0287c310be61abadd714d26d78a476fe
SHA1

1bf1e8b62f25393ad15dc9b3177c7bc118ff4d91
SHA256

ea4bcbe90240950b3246ac90b8c4dbf5c2f03b839328ea0583e893e0ad72ddb9
SHA512

a1b1e024c73c67dcd1fd35086b200a5a92f2d88f5db9c499e286b925626894628e0dd529e417ec0ea75266bbdc82f8c5fa371f69a9d20cc11e522e6ce8df8049
SSDEEP

3072:J77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qP/fhJEQiAEoS5y3zedm:J77HUUUUUUUUUUUUUUUUUUUT52VmfhCW

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://pressuredspeech.com/dngn/cEmgNTByQ/

exe.dropper

https://phoneringtones.info/wp-content/uploads/qx93_k68trw3j-15334/

exe.dropper

http://safeservicesfze.com/wp-admin/ZmVYmAXv/

exe.dropper

https://freewallpaperdesktop.com/wp-includes/50lz_zkln03lbc-8209361/

exe.dropper

http://noingoaithatthanhnam.com/wp-admin/voytvHre/

Targets

- Target
  
  0287c310be61abadd714d26d78a476fe_JaffaCakes118
- Size
  
  152KB
- MD5
  
  0287c310be61abadd714d26d78a476fe
- SHA1
  
  1bf1e8b62f25393ad15dc9b3177c7bc118ff4d91
- SHA256
  
  ea4bcbe90240950b3246ac90b8c4dbf5c2f03b839328ea0583e893e0ad72ddb9
- SHA512
  
  a1b1e024c73c67dcd1fd35086b200a5a92f2d88f5db9c499e286b925626894628e0dd529e417ec0ea75266bbdc82f8c5fa371f69a9d20cc11e522e6ce8df8049
- SSDEEP
  
  3072:J77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qP/fhJEQiAEoS5y3zedm:J77HUUUUUUUUUUUUUUUUUUUT52VmfhCW
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2