General

  • Target

    6d3435e49e6c1a2cd799ce78044cd3c9_JaffaCakes118

  • Size

    90KB

  • Sample

    240524-d3dpysbe54

  • MD5

    6d3435e49e6c1a2cd799ce78044cd3c9

  • SHA1

    d78f08b3a30b88d01fb3ec8cec59bbfab15a750b

  • SHA256

    d416995ff59bb109b5527146f344e9740c58c836b6dd40382d6bf47b35f601fd

  • SHA512

    fba9ad6da1b51fcd535d3f716df9b3780ef0f78df5fffce1bf70a281bc77228fb93e7df349508975cdc9788b659b3613f7de1e6866d386f0da00193ddf8953eb

  • SSDEEP

    1536:Qk/TxjwKZ09cB7y9ghN8+mQ90MT++a9aEjpre5gx8P5pF5pVeFx:rxjnB29gb8onVQpre5gx8P5pF5pVeFx

Targets

    • Target

      6d3435e49e6c1a2cd799ce78044cd3c9_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
