d0dcbde5aede4521f1d0489d388b91bd821e1974f6638e733c3666be52be48c2

General

Target

027f4f23560db81d2840e96de3be4390_JaffaCakes118
Size

152KB
Sample

240427-ft7msace7y
MD5

027f4f23560db81d2840e96de3be4390
SHA1

f948084cbd42640ec8eb8215d83a0dbb0c0eea74
SHA256

d0dcbde5aede4521f1d0489d388b91bd821e1974f6638e733c3666be52be48c2
SHA512

cc4afca29d0bae8ac88af8e1b5d6c1a2f47c6f8a5ecb4dc4a33b60ba13f77fefd9a1b3f6a09d5f219abf37b9ac9a7275a78d9f29b00b1a69e9df629526febd1f
SSDEEP

1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9urqYzE4gLPPxzwP:irfrzOH98ipgUqYzE4mxzwP

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://www.gozowindmill.com/meteo/97/

exe.dropper

http://www.greaudstudio.com/docs/Z/

exe.dropper

https://b176f.cn/wp-admin/1/

exe.dropper

https://blog.socialpill.in/jdzetd/fZuInax/

exe.dropper

http://maisshake.com.br/wp-includes/dPmzV1/

exe.dropper

http://mesdelicesitaliens.fr/wp-admin/tSlCBpP/

exe.dropper

http://grndl.com/oinj/j4/

Targets

- Target
  
  027f4f23560db81d2840e96de3be4390_JaffaCakes118
- Size
  
  152KB
- MD5
  
  027f4f23560db81d2840e96de3be4390
- SHA1
  
  f948084cbd42640ec8eb8215d83a0dbb0c0eea74
- SHA256
  
  d0dcbde5aede4521f1d0489d388b91bd821e1974f6638e733c3666be52be48c2
- SHA512
  
  cc4afca29d0bae8ac88af8e1b5d6c1a2f47c6f8a5ecb4dc4a33b60ba13f77fefd9a1b3f6a09d5f219abf37b9ac9a7275a78d9f29b00b1a69e9df629526febd1f
- SSDEEP
  
  1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9urqYzE4gLPPxzwP:irfrzOH98ipgUqYzE4mxzwP
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2