55983cd83e2ad7caf8afcfdbddf743d37dae444abd473b1519d42ed92b29b61c

General

Target

5e25cf476a77993b7f750426166f1a04_JaffaCakes118
Size

163KB
Sample

240520-kkaznscf2z
MD5

5e25cf476a77993b7f750426166f1a04
SHA1

f5357b29ef8a86835bb129ad2edadd1ca85bf799
SHA256

55983cd83e2ad7caf8afcfdbddf743d37dae444abd473b1519d42ed92b29b61c
SHA512

a990c22c4f9b7433a9ea188daf0efad98c5c5800f826724809de0491205f2a2d64e8c1520e7d7ebfcd4e7dcf7dc58d418eb0f57a3487c118b7d9c60a0be92e3c
SSDEEP

1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a9bVZVDEuEfBzoIWGQ:T/rfrzOH98ipgnK5JzoPGQ

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://cryptokuota.com/assets/M2ngTrJ/

exe.dropper

https://pinterusmedia.com/wp-admin/YX/

exe.dropper

https://aszcasino.com/aszdemo/DRloh/

exe.dropper

https://dubai-homes.ae/wp-admin/YBJR3M/

exe.dropper

https://whitdoit.tk/ljiy53n/xxE/

exe.dropper

http://4life.com.vn/wp-admin/R/

exe.dropper

http://baran-business.de/wp-content/pMr/

Targets

- Target
  
  5e25cf476a77993b7f750426166f1a04_JaffaCakes118
- Size
  
  163KB
- MD5
  
  5e25cf476a77993b7f750426166f1a04
- SHA1
  
  f5357b29ef8a86835bb129ad2edadd1ca85bf799
- SHA256
  
  55983cd83e2ad7caf8afcfdbddf743d37dae444abd473b1519d42ed92b29b61c
- SHA512
  
  a990c22c4f9b7433a9ea188daf0efad98c5c5800f826724809de0491205f2a2d64e8c1520e7d7ebfcd4e7dcf7dc58d418eb0f57a3487c118b7d9c60a0be92e3c
- SSDEEP
  
  1536:T5a/aNrdi1Ir77zOH98Wj2gpngR+a9bVZVDEuEfBzoIWGQ:T/rfrzOH98ipgnK5JzoPGQ
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2