a84f95c0558d7b9d3a2a1b254ce94e82033e880445bc33e19ad57c8d76b90ca7

General

Target

0bfa9702c05f303cf0ef69293b52ec6e_JaffaCakes118
Size

165KB
Sample

240501-rbnmqsae44
MD5

0bfa9702c05f303cf0ef69293b52ec6e
SHA1

3561ecd13f2ed821ff206cb0ff7262a0ce84abd4
SHA256

a84f95c0558d7b9d3a2a1b254ce94e82033e880445bc33e19ad57c8d76b90ca7
SHA512

e30b6342065dcc6af915c192507547f35fb52bbf3001c3d1381527fa542c95d84c3aba5096afd8ce6f6dcba72b638dd490a30f860ee8961619b639fe3dd6b42d
SSDEEP

3072:h77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qyTl7IlSeAvMnyor/6GNDVDAGWM21rS:h77HUUUUUUUUUUUUUUUUUUUT52Vzl7U9

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://programmephenix.com/wp-content/languages/kjdx0ls2/

exe.dropper

http://axletime.com/wp-admin/r0gmx40208/

exe.dropper

http://5elements-development.com/wp-content/uoesp16/

exe.dropper

http://bestphotographytnj.com/rrm9/lm83yx518/

exe.dropper

http://citilinesholdings.com/wp/cysk9wh832/

Targets

- Target
  
  0bfa9702c05f303cf0ef69293b52ec6e_JaffaCakes118
- Size
  
  165KB
- MD5
  
  0bfa9702c05f303cf0ef69293b52ec6e
- SHA1
  
  3561ecd13f2ed821ff206cb0ff7262a0ce84abd4
- SHA256
  
  a84f95c0558d7b9d3a2a1b254ce94e82033e880445bc33e19ad57c8d76b90ca7
- SHA512
  
  e30b6342065dcc6af915c192507547f35fb52bbf3001c3d1381527fa542c95d84c3aba5096afd8ce6f6dcba72b638dd490a30f860ee8961619b639fe3dd6b42d
- SSDEEP
  
  3072:h77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qyTl7IlSeAvMnyor/6GNDVDAGWM21rS:h77HUUUUUUUUUUUUUUUUUUUT52Vzl7U9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2