General

  • Target

    8506caad14eb3f2e2067aedaf5f81c26_JaffaCakes118

  • Size

    47KB

  • Sample

    240530-1rzvdaag2v

  • MD5

    8506caad14eb3f2e2067aedaf5f81c26

  • SHA1

    6c83a3be2696e05906757f6758234f1516f0e13f

  • SHA256

    1cbb1afc45ea8a0e39b3698b7f464e670b8896f544320ed33f19769cd5451470

  • SHA512

    18698868a411ba177d491a6f4548d51a537288229ee865768dc5cb8b040a7ba9087051f56f1d8833b3576664b9f086a82af2f47d883d2edbb4e8c548216f5848

  • SSDEEP

    384:eA8yGcSdW+wRsCBQsJABYtC5AZpVxAZ0YzhtNSTFPltSE0jA5930eU:eUKCB3UqXx0ZtNSTHNT93dU

Score
10/10

Malware Config

Targets

    • Target

      8506caad14eb3f2e2067aedaf5f81c26_JaffaCakes118

    • Size

      47KB

    • MD5

      8506caad14eb3f2e2067aedaf5f81c26

    • SHA1

      6c83a3be2696e05906757f6758234f1516f0e13f

    • SHA256

      1cbb1afc45ea8a0e39b3698b7f464e670b8896f544320ed33f19769cd5451470

    • SHA512

      18698868a411ba177d491a6f4548d51a537288229ee865768dc5cb8b040a7ba9087051f56f1d8833b3576664b9f086a82af2f47d883d2edbb4e8c548216f5848

    • SSDEEP

      384:eA8yGcSdW+wRsCBQsJABYtC5AZpVxAZ0YzhtNSTFPltSE0jA5930eU:eUKCB3UqXx0ZtNSTHNT93dU

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks