c63b801b73ffc4397fcd7f78b2c3658ef29751e6dc84ff1468dc9068cf237a42 | Triage

Sharing

General

Target

7e048c48cf5c2879dc2a0a33101048a2_JaffaCakes118
Size

76KB
Sample

240528-xjvznsha84
MD5

7e048c48cf5c2879dc2a0a33101048a2
SHA1

911f72f15361efb7c01fcde615c61c80656f0bdc
SHA256

c63b801b73ffc4397fcd7f78b2c3658ef29751e6dc84ff1468dc9068cf237a42
SHA512

44172ab2e73781abd5547059eb9463c21dbaf6d7813651c5463926cb1dd8be29f749028db57fba4cc2bb83fde5b99ccc82c08bc31299ef0b861667a80b94a22c
SSDEEP

768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://samix-num.com/BcFUhvDr

exe.dropper

http://economiadigital.biz/NKq5eOZ

exe.dropper

http://ftp.dailyignite.club/YNB95t2

exe.dropper

http://migoshen.org/FNE1TVJjI

exe.dropper

http://vanoostrom.org/w8yXb69h5

Targets

- Target
  
  7e048c48cf5c2879dc2a0a33101048a2_JaffaCakes118
- Size
  
  76KB
- MD5
  
  7e048c48cf5c2879dc2a0a33101048a2
- SHA1
  
  911f72f15361efb7c01fcde615c61c80656f0bdc
- SHA256
  
  c63b801b73ffc4397fcd7f78b2c3658ef29751e6dc84ff1468dc9068cf237a42
- SHA512
  
  44172ab2e73781abd5547059eb9463c21dbaf6d7813651c5463926cb1dd8be29f749028db57fba4cc2bb83fde5b99ccc82c08bc31299ef0b861667a80b94a22c
- SSDEEP
  
  768:FtVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBd8LTTnLlCiJRz9wORjKkh58/460B:Ftocn1kp59gxBK85fBCLTbJCNw6Z+a96
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2