24a9f06db2b35bdcbef2271a9c325574dc757a54e56a8864ef7d20acd246a761 | Triage

Sharing

General

Target

63b3546312f1c5787d212c93b31ad7bb_JaffaCakes118
Size

205KB
Sample

240521-sbb5dahg35
MD5

63b3546312f1c5787d212c93b31ad7bb
SHA1

4bf249afca97082ddd8b4cab74b1e49eec4cb19c
SHA256

24a9f06db2b35bdcbef2271a9c325574dc757a54e56a8864ef7d20acd246a761
SHA512

c1daaf4d969c22983ee6d5f5877c192a7b22edc8f2267d208f00bd4da33e579fc1b6b4048f1a695b96912582c3d62f6e8d16f92c23ec5df31871f0c510afd632
SSDEEP

3072:Fd2y/Gdy/ktGDWLS0HZWD5w8K7Nk9uD7IBUNfgpszLC4TIdAuvV/uVxq:Fd2k4ntGiL3HJk9uD7bNopsi4Y92G

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://mensro.com/wp-admin/o2jnxha/

exe.dropper

http://meert.org/cgi-bin/DrjIA/

exe.dropper

http://mcdogsmedia.co.uk/cgi-bin/1qy65l/

exe.dropper

http://milleniumwheels.com/oud/5icr4l/

exe.dropper

http://multitable.com/cgi-bin/vyj89/

Targets

- Target
  
  63b3546312f1c5787d212c93b31ad7bb_JaffaCakes118
- Size
  
  205KB
- MD5
  
  63b3546312f1c5787d212c93b31ad7bb
- SHA1
  
  4bf249afca97082ddd8b4cab74b1e49eec4cb19c
- SHA256
  
  24a9f06db2b35bdcbef2271a9c325574dc757a54e56a8864ef7d20acd246a761
- SHA512
  
  c1daaf4d969c22983ee6d5f5877c192a7b22edc8f2267d208f00bd4da33e579fc1b6b4048f1a695b96912582c3d62f6e8d16f92c23ec5df31871f0c510afd632
- SSDEEP
  
  3072:Fd2y/Gdy/ktGDWLS0HZWD5w8K7Nk9uD7IBUNfgpszLC4TIdAuvV/uVxq:Fd2k4ntGiL3HJk9uD7bNopsi4Y92G
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2