66560ecae1fa34327556f3a3ae7c82915435249b023141c390a3f52c3f460a20 | Triage

Sharing

General

Target

62267a2d58c8093978a82e5df7fee049JaffaCakes118
Size

207KB
Sample

240523-as7nhaeh86
MD5

62267a2d58c8093978a82e5df7fee049
SHA1

706a48ac51f6a949c3d059cbd6c8504b6b15dacb
SHA256

66560ecae1fa34327556f3a3ae7c82915435249b023141c390a3f52c3f460a20
SHA512

ea59715ace2b51bbf00e7598324e9919dbf969b30e6b5bb5712d4ec3a060c5bd6a78ec6001e5bf535ef8e1fcf9e888622685cc84977fce50d39a6d95fa0c7346
SSDEEP

3072:E3MMsXSi54XEmpDP4NaNJgj+H8AbliNKDzaJFUKc0UTE7yZRUV7RJeOzi8F:ms5WX1jFu88AbAEDzYUTE7yZRVUi8F

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://miamifloridainvestigator.com/48R8nccw

exe.dropper

http://yusufsevim.com/4aj5f63E

exe.dropper

http://dogmencyapi.com/fzmtCEgz

exe.dropper

http://myvidio.site/zeAtqnKQbF

exe.dropper

http://comeinitiative.org/krh8mzC

Targets

- Target
  
  62267a2d58c8093978a82e5df7fee049JaffaCakes118
- Size
  
  207KB
- MD5
  
  62267a2d58c8093978a82e5df7fee049
- SHA1
  
  706a48ac51f6a949c3d059cbd6c8504b6b15dacb
- SHA256
  
  66560ecae1fa34327556f3a3ae7c82915435249b023141c390a3f52c3f460a20
- SHA512
  
  ea59715ace2b51bbf00e7598324e9919dbf969b30e6b5bb5712d4ec3a060c5bd6a78ec6001e5bf535ef8e1fcf9e888622685cc84977fce50d39a6d95fa0c7346
- SSDEEP
  
  3072:E3MMsXSi54XEmpDP4NaNJgj+H8AbliNKDzaJFUKc0UTE7yZRUV7RJeOzi8F:ms5WX1jFu88AbAEDzYUTE7yZRVUi8F
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2