General

  • Target

    64352ddd10ce76fc16d92828c6918a6e_JaffaCakes118

  • Size

    191KB

  • Sample

    240521-wf16vadd27

  • MD5

    64352ddd10ce76fc16d92828c6918a6e

  • SHA1

    9d9a76b033b60429f0227f49cc9dfb74476be4b8

  • SHA256

    2694b1a0143b59a1a4c1e5b5edf6d89a0805a74197c454222bb426df0e583ec1

  • SHA512

    998f4e2c46a0f57d3e22c946018b7ebd59cbc372b82e0482da9882f40b1e07ef44ec506b7683322647ec93864192f9f6ad302db22a15695304f7a726935a1ef2

  • SSDEEP

    3072:uniqkDiric6yO9/1Amlj76BiP0zD0XXixUw6hVbs:urYiec6yO9/1Amlj76BO0PMMr63s

Score
10/10

Targets

    • Target

      64352ddd10ce76fc16d92828c6918a6e_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
