7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8 | Triage

Sharing

General

Target

68703d8cedb9a7eb60e981edf3139600_JaffaCakes118
Size

21KB
Sample

240522-yq3hrsed7v
MD5

68703d8cedb9a7eb60e981edf3139600
SHA1

c51afd15c9094315807afa271037295eb001d5f4
SHA256

7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8
SHA512

7bb915317720dee5849cbd9e99d8ca1b00ccd84c974f2f8821f7c8c7fda4d4553d589079cebb162a52d021382d81fdb79f4fa1672c90f509f0060392039686ee
SSDEEP

384:u+LNPhLpJq+XKW/0PeZBhdh9UW5RbbJxfL2GwBobRZfHLM2otMn:u+NPhL/iW82bhz9UsH32NwRZ/IHtq

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://www.huikeshoven.net/rWareSample/execute-ransomware.bat

Targets

- Target
  
  68703d8cedb9a7eb60e981edf3139600_JaffaCakes118
- Size
  
  21KB
- MD5
  
  68703d8cedb9a7eb60e981edf3139600
- SHA1
  
  c51afd15c9094315807afa271037295eb001d5f4
- SHA256
  
  7e4670540c176586d4d4a3ab854584dec70d14258236e716e8807a699f4238a8
- SHA512
  
  7bb915317720dee5849cbd9e99d8ca1b00ccd84c974f2f8821f7c8c7fda4d4553d589079cebb162a52d021382d81fdb79f4fa1672c90f509f0060392039686ee
- SSDEEP
  
  384:u+LNPhLpJq+XKW/0PeZBhdh9UW5RbbJxfL2GwBobRZfHLM2otMn:u+NPhL/iW82bhz9UsH32NwRZ/IHtq
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2