8e0de460b9fda2be0a5598feaffe9a0faa477f28848503df55aca29e02a5d73f | Triage

Sharing

General

Target

99db04dd333aeb461aeef0a737812483_JaffaCakes118
Size

96KB
Sample

240606-dkd8rsfc7x
MD5

99db04dd333aeb461aeef0a737812483
SHA1

610b769e0f2046a9bd10ecf94f51bf8a00f8ef7c
SHA256

8e0de460b9fda2be0a5598feaffe9a0faa477f28848503df55aca29e02a5d73f
SHA512

1f8d24432c3b3b7123fc183b031ee796953d0dd0d6a6cd59711423d21949e174d7db6a2c14f03c45e53535637f638e69002c978ca35a58b0af9686ce514b6d5a
SSDEEP

1536:aIiQdI1iiguaEdgraY+aggUh/X+jsR4yINs:BiF1tgpEdXX+a4yINs

Score

10^/10

execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://maisbrasilphoto.com.br/dojziJG/

exe.dropper

http://nincom.nl/pzN5/

exe.dropper

http://rehal.jp/fhwO9XG/

exe.dropper

http://rkschmidt.net/rqun/

Targets

- Target
  
  99db04dd333aeb461aeef0a737812483_JaffaCakes118
- Size
  
  96KB
- MD5
  
  99db04dd333aeb461aeef0a737812483
- SHA1
  
  610b769e0f2046a9bd10ecf94f51bf8a00f8ef7c
- SHA256
  
  8e0de460b9fda2be0a5598feaffe9a0faa477f28848503df55aca29e02a5d73f
- SHA512
  
  1f8d24432c3b3b7123fc183b031ee796953d0dd0d6a6cd59711423d21949e174d7db6a2c14f03c45e53535637f638e69002c978ca35a58b0af9686ce514b6d5a
- SSDEEP
  
  1536:aIiQdI1iiguaEdgraY+aggUh/X+jsR4yINs:BiF1tgpEdXX+a4yINs
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2