General

  • Target

    6def1a425952748dc1a87382d2a65a22_JaffaCakes118

  • Size

    94KB

  • Sample

    240524-kp5pvabf94

  • MD5

    6def1a425952748dc1a87382d2a65a22

  • SHA1

    cd740fceb3c1beccd2ded2306c8a6f9c036daa7d

  • SHA256

    f0190fb83e6dc7ed79b96ef13a80b849a1c28fccd3f6801de72dfa1db9dfe603

  • SHA512

    a1a13da4116b9b725771d4dcf5b770801286e1f3bf6dbfee1f15897c3dbcc6de739d874e23c30f25ff791cfa857bb1851f26d0cf2e25aac2ed61aeb1119ddcda

  • SSDEEP

    1536:PT5IADoVeYBIyq7UxgElJxAbuYesT6rOsuHZ5BaXJzz4P7dFVe4Q:PT5I4oVeyhxAiYeserOBBa61Q

Score
10/10

Malware Config

Targets

    • Target

      Invoices Overdue.doc

    • Size

      164KB

    • MD5

      7c9735e3928995054fe8058d004852ad

    • SHA1

      17b8c6dee333d021c0ead2b49e9233c28710f080

    • SHA256

      3d5eb1ccb2f9325b699e8409646da55b7b504b30c0d66e237eb145b01c74012b

    • SHA512

      856dbf0c6b38d3ba0da5ace8ca0fca200b5f06274a09f1e59055160754e0d9aa1f4b966605b1ce6588df80c06964270891286837e91c1c50cf4895731d9d3209

    • SSDEEP

      3072:7hR2eSC+ONWql6BbCxRPOXtPPSh6pPG4C4vZe2xK+KNW/mZ2J1MJzFnBoNAvTtWs:7hULO1l6BmFU1b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks