b8471a4e8094436017a60c310e7c020507e74c936d412f685316f82f5c3357cf

General

Target

02b9fdbf0cb415dbd2e1d3720aa8bc70_JaffaCakes118
Size

193KB
Sample

240427-jb9k7see5z
MD5

02b9fdbf0cb415dbd2e1d3720aa8bc70
SHA1

1884c74f8e4e90ce81a96bcb30e8842afbcba1ea
SHA256

b8471a4e8094436017a60c310e7c020507e74c936d412f685316f82f5c3357cf
SHA512

258dc593b2fdbfca3f5432261fba7f4faa4a6c5002418b0ecfbe219d1a276412989524055ca084a75f327976848b9db438f18aa3108a7c91a802472110f939b7
SSDEEP

6144:u77HUUUUUUUUUUUUUUUUUUUT52V6JoGXPjm+iNQBA81RqHOOhb6DwN:u77HUUUUUUUUUUUUUUUUUUUTCyoUmQBU

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://lizrotihouse.com/logos/1_pR/

exe.dropper

http://jessicazck.com/wp-includes/nB_m/

exe.dropper

http://www.versatilehairshop.com/wp-content/upgrade/p_mR/

exe.dropper

http://cheapesthost.com.ng/cgi-bin/jT_Ld/

exe.dropper

http://temp.wizforward.com/wp-includes/U_ZD/

Targets

- Target
  
  02b9fdbf0cb415dbd2e1d3720aa8bc70_JaffaCakes118
- Size
  
  193KB
- MD5
  
  02b9fdbf0cb415dbd2e1d3720aa8bc70
- SHA1
  
  1884c74f8e4e90ce81a96bcb30e8842afbcba1ea
- SHA256
  
  b8471a4e8094436017a60c310e7c020507e74c936d412f685316f82f5c3357cf
- SHA512
  
  258dc593b2fdbfca3f5432261fba7f4faa4a6c5002418b0ecfbe219d1a276412989524055ca084a75f327976848b9db438f18aa3108a7c91a802472110f939b7
- SSDEEP
  
  6144:u77HUUUUUUUUUUUUUUUUUUUT52V6JoGXPjm+iNQBA81RqHOOhb6DwN:u77HUUUUUUUUUUUUUUUUUUUTCyoUmQBU
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2