General

  • Target

    56b3b93d01ccd0b105cc3b132bbde971_JaffaCakes118

  • Size

    71KB

  • Sample

    240518-zjxjlsfc66

  • MD5

    56b3b93d01ccd0b105cc3b132bbde971

  • SHA1

    c6724f2abfce8440aee881b382b6eb01b7809758

  • SHA256

    029e21f9819e6697d81fb5fd18667bf3730bde1c1a9692439514f6f837bdc71a

  • SHA512

    d50640419238743c0a2b35c6917d7de4b47a8cc2c1393f2f49b0d233a966f7632b373d523cec8a267561585f7858880356d43c53ae97086b1d6816706057a759

  • SSDEEP

    1536:vJK+lhLocn1kp59gxBK85fBt+a9Fjduedt9+d5paxyNM:vJbla41k/W483jduedt9+d5paxyO

Targets

    • Target

      56b3b93d01ccd0b105cc3b132bbde971_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
