e717503e0b005ae9e55f5b68598e20f54053a841547624052b42d44230114790

General

Target

3976ac236406fe3ec9369a49506bd056_JaffaCakes118
Size

251KB
Sample

240512-lp4yzsab2y
MD5

3976ac236406fe3ec9369a49506bd056
SHA1

501af2617959e5560d93d11f2d6439b8e5851198
SHA256

e717503e0b005ae9e55f5b68598e20f54053a841547624052b42d44230114790
SHA512

dacbc30dbccfae93f2ecdc467ee7f2e5dff51ce5d8b6725d79b169a251de1b2cb34a4af434746d276f7483016c45707f604bf6554a6fea449e85319a4e11dfdb
SSDEEP

3072:6Yy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////L:C0uXnWFchmmcI/o1/52y7Re

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://hoagietesting10.com/wp-content/SJ/

exe.dropper

http://iscamenabe.com/wp-content/1PR/

exe.dropper

http://vietmade.org/wp-admin/8/

exe.dropper

http://www.filamchimovies.com/wp-admin/8/

exe.dropper

https://strattonmobile.com/wp-content/yl/

exe.dropper

https://blog.qgdxzs.com/wp-admin/I/

exe.dropper

http://vietsex.pro/wp-content/PX/

Targets

- Target
  
  3976ac236406fe3ec9369a49506bd056_JaffaCakes118
- Size
  
  251KB
- MD5
  
  3976ac236406fe3ec9369a49506bd056
- SHA1
  
  501af2617959e5560d93d11f2d6439b8e5851198
- SHA256
  
  e717503e0b005ae9e55f5b68598e20f54053a841547624052b42d44230114790
- SHA512
  
  dacbc30dbccfae93f2ecdc467ee7f2e5dff51ce5d8b6725d79b169a251de1b2cb34a4af434746d276f7483016c45707f604bf6554a6fea449e85319a4e11dfdb
- SSDEEP
  
  3072:6Yy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////L:C0uXnWFchmmcI/o1/52y7Re
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned suspicious child process

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2