21ac00f9881bdec79e953f5b17bfc41a39b74f7f584c228a88783fdbf6b2f9ce | Triage

Sharing

General

Target

620a53fb175e89ffa9d3bb418de2bf76JaffaCakes118
Size

209KB
Sample

240523-arg2fseg97
MD5

620a53fb175e89ffa9d3bb418de2bf76
SHA1

0aaee79492b8ab7a5a7a0fe6a7d8b5ec1891bd07
SHA256

21ac00f9881bdec79e953f5b17bfc41a39b74f7f584c228a88783fdbf6b2f9ce
SHA512

ab99b5555f92ff4b6f9144c878499846740d37ecf1842bdbd88ae6e5158a96fd79e563abb05eb75621666bc254b72c441a670388a9b280fd1b8276b2de8b7896
SSDEEP

3072:q/EEAUFdf/OkQf4I6iNKDzaJFUKc0UTE7yZRUV7RJeOzi8+:HEAgd7k4IZEDzYUTE7yZRVUi8+

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://mhnew.enabledware.com/wp-content/upgrade/1Qvuku8g

exe.dropper

http://maquinadefalaringles.info/Us1uHMn

exe.dropper

http://5072610.ru/YjNBdzFKT9

exe.dropper

http://bietthunghiduong24h.info/oVQCPSWV

exe.dropper

http://ustpharm89.net/sYr7xBoXx

Targets

- Target
  
  620a53fb175e89ffa9d3bb418de2bf76JaffaCakes118
- Size
  
  209KB
- MD5
  
  620a53fb175e89ffa9d3bb418de2bf76
- SHA1
  
  0aaee79492b8ab7a5a7a0fe6a7d8b5ec1891bd07
- SHA256
  
  21ac00f9881bdec79e953f5b17bfc41a39b74f7f584c228a88783fdbf6b2f9ce
- SHA512
  
  ab99b5555f92ff4b6f9144c878499846740d37ecf1842bdbd88ae6e5158a96fd79e563abb05eb75621666bc254b72c441a670388a9b280fd1b8276b2de8b7896
- SSDEEP
  
  3072:q/EEAUFdf/OkQf4I6iNKDzaJFUKc0UTE7yZRUV7RJeOzi8+:HEAgd7k4IZEDzYUTE7yZRVUi8+
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2