04f4d53da683b57017b08f05bada9075980bcaf03f620dafb00b69aab881b42c

General

Target

304f915bed575523952cca9ab840402d_JaffaCakes118
Size

115KB
Sample

240510-we9ftshf8z
MD5

304f915bed575523952cca9ab840402d
SHA1

4b4f89c52dd3396a07d9d11f6e3300b1f2b5526e
SHA256

04f4d53da683b57017b08f05bada9075980bcaf03f620dafb00b69aab881b42c
SHA512

e24860cf1bbeaa6d82041f4a750cbdf1c387f3d56eb6f084bd64c05aa7706bbee7b769b1be5d2378a4dc20aeed931c225b174d82976e931a38dc9722e9f025d6
SSDEEP

1536:nqI0bf/D8mcNf5CaeH1vC8Y7dy4z35lysKDJ3tlL7i:qI0bHD8mc9Ya8MRy4zpIsIG

Score

10^/10

macro macro_on_action

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://23.23.29.10/YaXUeO5K

exe.dropper

http://35.204.88.6/heu0n72I

exe.dropper

http://3.89.91.237/MLCMkrc

exe.dropper

http://uat-essence.oablab.com/wp-includes/oY8j241xM

exe.dropper

http://34.207.179.222/7SQrziN

Targets

- Target
  
  304f915bed575523952cca9ab840402d_JaffaCakes118
- Size
  
  115KB
- MD5
  
  304f915bed575523952cca9ab840402d
- SHA1
  
  4b4f89c52dd3396a07d9d11f6e3300b1f2b5526e
- SHA256
  
  04f4d53da683b57017b08f05bada9075980bcaf03f620dafb00b69aab881b42c
- SHA512
  
  e24860cf1bbeaa6d82041f4a750cbdf1c387f3d56eb6f084bd64c05aa7706bbee7b769b1be5d2378a4dc20aeed931c225b174d82976e931a38dc9722e9f025d6
- SSDEEP
  
  1536:nqI0bf/D8mcNf5CaeH1vC8Y7dy4z35lysKDJ3tlL7i:qI0bHD8mc9Ya8MRy4zpIsIG
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2