50cae3ad5a58a4c52773cf8252ac8afef2ec987541c3313064295d0535969553

General

Target

04dcd1a8006cc2c5a62f51b59af33c6f_JaffaCakes118
Size

237KB
Sample

240428-k9sk1sce29
MD5

04dcd1a8006cc2c5a62f51b59af33c6f
SHA1

c42054956dc5f4ce509538675c51d4e82efc1b21
SHA256

50cae3ad5a58a4c52773cf8252ac8afef2ec987541c3313064295d0535969553
SHA512

0b7cd9d060cc71eaf94ef049babaf0384e2954546b81853103f1a064394ed4022ea06a61849c274b1c845d244b28d1a7b50485bdd1ac312173d3d578ffc9b25a
SSDEEP

3072:9Ed93LpGo0aQLkaReAkQz4P56rkR6i+Pidf+le0I1nR3:9Ed2VZj7cPEi66f+7I1nR3

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://neumaticosutilizados.com/1TI81PRQLORR

exe.dropper

http://whiskyshipper.com/wp-content/A8BRS9sLl8i_P8DBsLho

exe.dropper

http://geestdriftnu.com/gqXb3ghkRZJ6tjL8_Y

exe.dropper

http://matex.biz//RQR0RaohiR_P

exe.dropper

http://beepme.eu/OtwnseuMiQetfBs

Targets

- Target
  
  04dcd1a8006cc2c5a62f51b59af33c6f_JaffaCakes118
- Size
  
  237KB
- MD5
  
  04dcd1a8006cc2c5a62f51b59af33c6f
- SHA1
  
  c42054956dc5f4ce509538675c51d4e82efc1b21
- SHA256
  
  50cae3ad5a58a4c52773cf8252ac8afef2ec987541c3313064295d0535969553
- SHA512
  
  0b7cd9d060cc71eaf94ef049babaf0384e2954546b81853103f1a064394ed4022ea06a61849c274b1c845d244b28d1a7b50485bdd1ac312173d3d578ffc9b25a
- SSDEEP
  
  3072:9Ed93LpGo0aQLkaReAkQz4P56rkR6i+Pidf+le0I1nR3:9Ed2VZj7cPEi66f+7I1nR3
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2