General

  • Target

    754628900514a7e60c2cdecb422243c7_JaffaCakes118

  • Size

    86KB

  • Sample

    240526-m7k49sga9v

  • MD5

    754628900514a7e60c2cdecb422243c7

  • SHA1

    d758dd39f52b4f58853f60480bcc4b3f77014d1d

  • SHA256

    c0c7ce70fcacde9aaea7daa9cef72361c3c648c766ae65da3b4a480e26d4b339

  • SHA512

    1f4be38ca161ddc05e032da6c2dacfc5589ce67df9c921d7cc9d493e156c7614278d05e9d51890560d474d4e12962796ceeef117a4c35532ea734ea51469b176

  • SSDEEP

    768:eNjm0EVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBg+1odYafDvqAQR9Cyqlb1/Xm:eNq0Eocn1kp59gxBK85fBg+addjqAQck

Targets

    • Target

      754628900514a7e60c2cdecb422243c7_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
