General

  • Target

    632901559dbe752123d758e59e3aa5e3_JaffaCakes118

  • Size

    76KB

  • Sample

    240521-nst93acc59

  • MD5

    632901559dbe752123d758e59e3aa5e3

  • SHA1

    b0c253de002de506ad954377538c811b3009a054

  • SHA256

    407859defd171c069ab7f5c370cbe7dc830ff88656d2e165cf5d308daac60e83

  • SHA512

    6f6c38f72a5ecaf9460d159c5f54ad45b0c2a032a8978f18bf93e6b66a7ab52241c9ecb0437f3c1b95deaab304618eb7c319e7b44ddbcda77447b92bee77faf1

  • SSDEEP

    1536:/yOPlJ+2ocn1kp59gxBK85fB3+aTYTxteUdZro2M:qO3W41k/W48uTxLro2M

Targets

    • Target

      632901559dbe752123d758e59e3aa5e3_JaffaCakes118

    • Size

      76KB

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
