254dfb21f1f3dbfd25545b97ca78aa839027dcb4214a131765c77ab57dcbd285 | Triage

Sharing

General

Target

5f517b9c781af3ee30a16e8ec1dc3728_JaffaCakes118
Size

77KB
Sample

240520-qqrr9scb79
MD5

5f517b9c781af3ee30a16e8ec1dc3728
SHA1

32907bb5c0e8142e99afb7f945b50c4df2dc1bdb
SHA256

254dfb21f1f3dbfd25545b97ca78aa839027dcb4214a131765c77ab57dcbd285
SHA512

5a7612ed4f3b3025a8653ab86daeada308f77770f15aa5da53322b62211ba9f859d83966654e999d928f8f63d80ec47f776251be157b52147ccebb93e48115df
SSDEEP

768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://samix-num.com/BcFUhvDr

exe.dropper

http://economiadigital.biz/NKq5eOZ

exe.dropper

http://ftp.dailyignite.club/YNB95t2

exe.dropper

http://migoshen.org/FNE1TVJjI

exe.dropper

http://vanoostrom.org/w8yXb69h5

Targets

- Target
  
  5f517b9c781af3ee30a16e8ec1dc3728_JaffaCakes118
- Size
  
  77KB
- MD5
  
  5f517b9c781af3ee30a16e8ec1dc3728
- SHA1
  
  32907bb5c0e8142e99afb7f945b50c4df2dc1bdb
- SHA256
  
  254dfb21f1f3dbfd25545b97ca78aa839027dcb4214a131765c77ab57dcbd285
- SHA512
  
  5a7612ed4f3b3025a8653ab86daeada308f77770f15aa5da53322b62211ba9f859d83966654e999d928f8f63d80ec47f776251be157b52147ccebb93e48115df
- SSDEEP
  
  768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2