General

  • Target

    786def974fdb7c81f931e0e0aca4ae70_JaffaCakes118

  • Size

    92KB

  • Sample

    240527-js2xpaea36

  • MD5

    786def974fdb7c81f931e0e0aca4ae70

  • SHA1

    f7c9222b47074dde6f7dfa0e204e8050d57b0b8b

  • SHA256

    6ca42a163a039f3411dc3fc5bc2382d48f32572467bb7ef244fb3d1a1a69493f

  • SHA512

    8e3f6c74dfec3d2e44589c739804e9a87edb30ed76077231093213f9304fb5d4f4b5b54d5cc20f3f2e56ef5c96c591228011f9d0ff0e414f060745bf9ded326c

  • SSDEEP

    1536:zijWrMocn1kp59gxBK85fB7+ajZhg5aPiAJv6jw6:zV41k/W48pjkL

Targets

    • Target

      786def974fdb7c81f931e0e0aca4ae70_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.
