9a83aff8b39abbb87e6299b5c5e2b1f19b00d55dc539bb24b98fa063f88bbe74 | Triage

Sharing

General

Target

6394e6330c52ff9ff6b9db6a65e3c5b9_JaffaCakes118
Size

78KB
Sample

240521-rk6jxagh4t
MD5

6394e6330c52ff9ff6b9db6a65e3c5b9
SHA1

eecd0369c532450eb4073621a0380d235d3a31e8
SHA256

9a83aff8b39abbb87e6299b5c5e2b1f19b00d55dc539bb24b98fa063f88bbe74
SHA512

19159d11f4d4721cbcd920bf86dc39252a1188cf3d4955b5074af91be46cfaed1704aa6888587773b6f13bb4e8d1ad71825c8b0169d50d86b266e0217f347592
SSDEEP

768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://samix-num.com/BcFUhvDr

exe.dropper

http://economiadigital.biz/NKq5eOZ

exe.dropper

http://ftp.dailyignite.club/YNB95t2

exe.dropper

http://migoshen.org/FNE1TVJjI

exe.dropper

http://vanoostrom.org/w8yXb69h5

Targets

- Target
  
  6394e6330c52ff9ff6b9db6a65e3c5b9_JaffaCakes118
- Size
  
  78KB
- MD5
  
  6394e6330c52ff9ff6b9db6a65e3c5b9
- SHA1
  
  eecd0369c532450eb4073621a0380d235d3a31e8
- SHA256
  
  9a83aff8b39abbb87e6299b5c5e2b1f19b00d55dc539bb24b98fa063f88bbe74
- SHA512
  
  19159d11f4d4721cbcd920bf86dc39252a1188cf3d4955b5074af91be46cfaed1704aa6888587773b6f13bb4e8d1ad71825c8b0169d50d86b266e0217f347592
- SSDEEP
  
  768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2