General

  • Target

    50cdac1ac5b2265d7faeb1ac86c1967a_JaffaCakes118

  • Size

    86KB

  • Sample

    240517-wr9blacb26

  • MD5

    50cdac1ac5b2265d7faeb1ac86c1967a

  • SHA1

    8d23fe85603c706011ec08416a7dbc0f8fc3c0e3

  • SHA256

    7813984cba3d7ed748ae1024158bb31a8c4b310d96e83e730b069b63ea276100

  • SHA512

    83760f44e51f0d879f27bf5753ba8bb580fb4571e498c8a6281ff2bbc08f449f0e8fa45b721b5c8743a95d43340821801efe93f6b67ea03ce66875e44819edf9

  • SSDEEP

    1536:Qk/TxjwKZ09cB7y9ghN8+mQ90MT++a9aHjpre5gx8P5pF5pVeF/:rxjnB29gb8onVDpre5gx8P5pF5pVeF/

Malware Config

Targets

    • Target

      50cdac1ac5b2265d7faeb1ac86c1967a_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

MITRE ATT&CK Enterprise v15

Tasks