788d5bb87879fca4fec80a7ab909d74baf2cb634036860e37ebdaa7f44b49674 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a327006a49fa731461955d500e312dc_JaffaCakes118
Size

244KB
Sample

240527-xsrcvaff53
MD5

7a327006a49fa731461955d500e312dc
SHA1

331daffed89c0391683f12c91bdd35d4a4a45106
SHA256

788d5bb87879fca4fec80a7ab909d74baf2cb634036860e37ebdaa7f44b49674
SHA512

8779b99fa388dd9ddb8c975cac29a7fe8a10829ea0a92c5ec5142f5e8216c53393970a6594d20cec570b46ecf6a9eab980d06b82bbb920508b7f494a52d31f22
SSDEEP

3072:iKmtgp237irS5/01rO9rN4iG/8jL/xSu90OoiLuDKZXfwKeljR1A:iKSo237ir4/2O9rN4d/KxUOmD+XfwL0

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://iventurecard.co.uk/mqGwkGN

exe.dropper

http://yduocvinhphuc.info/kblPYSdiX

exe.dropper

http://zinimedia.dk/wCJyaYfn2

exe.dropper

http://nightonline.ru/images/WF0wknLoVI

exe.dropper

http://www.acs.vn/0SCQbnzLv

Targets

- Target
  
  7a327006a49fa731461955d500e312dc_JaffaCakes118
- Size
  
  244KB
- MD5
  
  7a327006a49fa731461955d500e312dc
- SHA1
  
  331daffed89c0391683f12c91bdd35d4a4a45106
- SHA256
  
  788d5bb87879fca4fec80a7ab909d74baf2cb634036860e37ebdaa7f44b49674
- SHA512
  
  8779b99fa388dd9ddb8c975cac29a7fe8a10829ea0a92c5ec5142f5e8216c53393970a6594d20cec570b46ecf6a9eab980d06b82bbb920508b7f494a52d31f22
- SSDEEP
  
  3072:iKmtgp237irS5/01rO9rN4iG/8jL/xSu90OoiLuDKZXfwKeljR1A:iKSo237ir4/2O9rN4d/KxUOmD+XfwL0
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2