General

  • Target

    76cd06525d7e664fe11f232e26aa28fe_JaffaCakes118

  • Size

    85KB

  • Sample

    240526-zp8ttsbg8s

  • MD5

    76cd06525d7e664fe11f232e26aa28fe

  • SHA1

    c9ba8f880fb921d38c189eaa78d5cb250322b459

  • SHA256

    28a07fce47ceef23c75ac7acdbee8040b8aa81b55b87ebba9e09d7cd97ea2784

  • SHA512

    1aab97f4bdfd6a08b95838c8386ce15147b15a3d5464062bff43adcdd99ce897f661798829071ee5657b74f874ab31261269065da1fd07b36e53a52bf5dec2f6

  • SSDEEP

    768:sATDVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBz+1oXdnYeY/++w9kdA:/TDocn1kp59gxBK85fBz+aXdjb

Targets

    • Target

      76cd06525d7e664fe11f232e26aa28fe_JaffaCakes118

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
