General

  • Target

    520ba00154c2939a3c9d8350642486f0_JaffaCakes118

  • Size

    103KB

  • Sample

    240517-3jnhgsha33

  • MD5

    520ba00154c2939a3c9d8350642486f0

  • SHA1

    045270800bd3ec59ce9364bd784bd75ca1e71b9b

  • SHA256

    8dacb3152151d3e2c9413af71e7adb649950557c815912bdefdbf49cb714a8b6

  • SHA512

    3f7c8c6ec5a2941e540880b7d18d5563339064a923ffd32e67a18bae3cc6f81651168a54e12d48f18e2d909feaa068701eb182fcc3264fc9fb5840c0803dcacc

  • SSDEEP

    3072:qpOKxEtjPOtioVjDGUU1qfDlaGGx+cM6gHfzBfhga7Bd:qpOKxEtjPOtioVjDGUU1qfDlavx+r6g5

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
