4c58c854ad7652ac73829058b405f7b2dd40e803ef3be318090ee2ee43de1a07 | Triage

Sharing

General

Target

6889974ddc269eae29f7a949b34d04bc_JaffaCakes118
Size

94KB
Sample

240522-zcwnqsfg29
MD5

6889974ddc269eae29f7a949b34d04bc
SHA1

bb88e3ac46fc503308959e7f964b4130a4b39357
SHA256

4c58c854ad7652ac73829058b405f7b2dd40e803ef3be318090ee2ee43de1a07
SHA512

08b7bf8a129a97ba4450a04c080e1e31fc8be1325037536b7da4ff2d3ba7e938e081a4adaa90713d7bd3f96ab808299503537dbf9cae8970b613e299ced18ad4
SSDEEP

1536:xXDMeO8oY5C6OJsdBpZW2aMQs666yT+t3hieCnpYjSKxrtN:J4eroY5CTsdA2OI23hccT

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://samuelearba.com/wp-includes/g2fn1q5591/

exe.dropper

https://rudalov.com/clientes/hroimxt621/

exe.dropper

http://rhythmandbluescompany.com/pimages/4vq32/

exe.dropper

http://ruttv.com/cams/rb5b5/

exe.dropper

http://sampling-group.com/site_espanol/bo3/

Targets

- Target
  
  6889974ddc269eae29f7a949b34d04bc_JaffaCakes118
- Size
  
  94KB
- MD5
  
  6889974ddc269eae29f7a949b34d04bc
- SHA1
  
  bb88e3ac46fc503308959e7f964b4130a4b39357
- SHA256
  
  4c58c854ad7652ac73829058b405f7b2dd40e803ef3be318090ee2ee43de1a07
- SHA512
  
  08b7bf8a129a97ba4450a04c080e1e31fc8be1325037536b7da4ff2d3ba7e938e081a4adaa90713d7bd3f96ab808299503537dbf9cae8970b613e299ced18ad4
- SSDEEP
  
  1536:xXDMeO8oY5C6OJsdBpZW2aMQs666yT+t3hieCnpYjSKxrtN:J4eroY5CTsdA2OI23hccT
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2