General

  • Target

    84e9f91c119cbabb4167839ab375f73d_JaffaCakes118

  • Size

    224KB

  • Sample

    240530-v4a4wsfa2s

  • MD5

    84e9f91c119cbabb4167839ab375f73d

  • SHA1

    e3c9133011dcab882f12ddb3b0d8a5c4fca8e961

  • SHA256

    c2536df89f0bbaafd863cfb89bb96f6231873c62a8f4e6e6e7c788e6694b65fa

  • SHA512

    bbefb07e21d80b0931b5d52e8047eb32d9ade622bb54f0d86871b8c486be3b4c1c3e7a6354f98869f87848502193c01cc828a578611b940f608f5346ddb700e6

  • SSDEEP

    3072:lV4PrXcuQuvpzm4bkiaMQgAlSAF62ezg2FS:cDRv1m4bnQgISAF6Lg2FS

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper
Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks