e9ea77fd12c74c61aef30ab7231dd67b4559f74be215cf390f9fde349bb1eda4

General

Target

68e23eba5d8521c12fad27d6d8a75f05_JaffaCakes118
Size

187KB
Sample

240522-2pam5sbg8w
MD5

68e23eba5d8521c12fad27d6d8a75f05
SHA1

0a29c05759e5f21e561055a89651a522b02fdc53
SHA256

e9ea77fd12c74c61aef30ab7231dd67b4559f74be215cf390f9fde349bb1eda4
SHA512

8859c260be9b05dda2dd6d0120b998335615984f2c08bc34c159dd7c5f01885defb2217a72b1869cdeae487b899986af1e7b25e1bc305918b88e24ece04f400d
SSDEEP

1536:5GGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilWfm9ITmDST/Ephs7p8cEpY/d82:M8rfrzOH98ipgfLT1R

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://amettatravel.com/wp-admin/1/

exe.dropper

http://iqauthority.com/wp-admin/9Id/

exe.dropper

http://www.sifesro.com/wp-includes/o/

exe.dropper

http://oneinsix.com/test/0/

exe.dropper

https://dramacool9.live/scbvq1/sPT/

exe.dropper

http://blog.geekpai.top/rmebw/x/

exe.dropper

https://datxanhmienbac.info/lfb8ii/LmG/

Targets

- Target
  
  68e23eba5d8521c12fad27d6d8a75f05_JaffaCakes118
- Size
  
  187KB
- MD5
  
  68e23eba5d8521c12fad27d6d8a75f05
- SHA1
  
  0a29c05759e5f21e561055a89651a522b02fdc53
- SHA256
  
  e9ea77fd12c74c61aef30ab7231dd67b4559f74be215cf390f9fde349bb1eda4
- SHA512
  
  8859c260be9b05dda2dd6d0120b998335615984f2c08bc34c159dd7c5f01885defb2217a72b1869cdeae487b899986af1e7b25e1bc305918b88e24ece04f400d
- SSDEEP
  
  1536:5GGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xilWfm9ITmDST/Ephs7p8cEpY/d82:M8rfrzOH98ipgfLT1R
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2