0dbad315cddc667cb29f30d02de18c3d5ff0547e0814c5170510ba1a11766b7a

General

Target

84ea962935a2e7b879fee2679702928a_JaffaCakes118
Size

169KB
Sample

240530-v4mspafa21
MD5

84ea962935a2e7b879fee2679702928a
SHA1

88e5596e70584d820a617e13d8ecbf5c3c767aff
SHA256

0dbad315cddc667cb29f30d02de18c3d5ff0547e0814c5170510ba1a11766b7a
SHA512

8bfa006c4898fb80eee818acf642794eecfc2455fa6f2bb49b679b0cbb2cb1cacafd90fb3ed6b7832267ceb2d551d7ec025bd44c436b6a12f32120c15c8e4694
SSDEEP

1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35H0:trfrzOH98ipgFlqfi

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://theccwork.com/mail.theccwork.com/IJp/

exe.dropper

https://www.retirementprofessional.com/wp-admin/tjQ/

exe.dropper

https://writingfromling.live/wp-admin/GL/

exe.dropper

http://shahqutubuddin.org/ix/

exe.dropper

https://jumpstart.store/wp-admin/q/

exe.dropper

https://aidenshirt.com/wp-admin/e6f/

exe.dropper

https://edenrug.store/wp-admin/H/

Targets

- Target
  
  84ea962935a2e7b879fee2679702928a_JaffaCakes118
- Size
  
  169KB
- MD5
  
  84ea962935a2e7b879fee2679702928a
- SHA1
  
  88e5596e70584d820a617e13d8ecbf5c3c767aff
- SHA256
  
  0dbad315cddc667cb29f30d02de18c3d5ff0547e0814c5170510ba1a11766b7a
- SHA512
  
  8bfa006c4898fb80eee818acf642794eecfc2455fa6f2bb49b679b0cbb2cb1cacafd90fb3ed6b7832267ceb2d551d7ec025bd44c436b6a12f32120c15c8e4694
- SSDEEP
  
  1536:vGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP+rIiZo7dLeqH74OC+pO4am35H0:trfrzOH98ipgFlqfi
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned suspicious child process

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2