2740a4f84916260f7c2620ac601b2a6018e8ea37064817a34799eb260cf72a62 | Triage

Sharing

General

Target

44b255cd98fa287a1fa1ce9880cf876d_JaffaCakes118
Size

146KB
Sample

240515-f1vlssba7x
MD5

44b255cd98fa287a1fa1ce9880cf876d
SHA1

3fcd2f010e500500cba970330302ec0a2be952a0
SHA256

2740a4f84916260f7c2620ac601b2a6018e8ea37064817a34799eb260cf72a62
SHA512

973379b6f82bedaa655226a96224f95663c389c749fb7b9062ff6676ac8b6811b0ec230d45b992257da50e8306d319c83b67ac13cd247c65c4a9fbf25706be50
SSDEEP

3072:C7BEXb52k407g7Shs9RAQP4Ht4E/zovcdR:0cb52khFhs/A64HyE/svcD

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://purphost.com/Kt1eWvVze

exe.dropper

http://godfreybranco.com/yTX8dwH

exe.dropper

http://psi_test.farseasty.com/TbNnQfP

exe.dropper

http://facetickle.com/BNdtnlPbsh

exe.dropper

http://taoweb3trieu.com/mETrZmz

Targets

- Target
  
  44b255cd98fa287a1fa1ce9880cf876d_JaffaCakes118
- Size
  
  146KB
- MD5
  
  44b255cd98fa287a1fa1ce9880cf876d
- SHA1
  
  3fcd2f010e500500cba970330302ec0a2be952a0
- SHA256
  
  2740a4f84916260f7c2620ac601b2a6018e8ea37064817a34799eb260cf72a62
- SHA512
  
  973379b6f82bedaa655226a96224f95663c389c749fb7b9062ff6676ac8b6811b0ec230d45b992257da50e8306d319c83b67ac13cd247c65c4a9fbf25706be50
- SSDEEP
  
  3072:C7BEXb52k407g7Shs9RAQP4Ht4E/zovcdR:0cb52khFhs/A64HyE/svcD
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2