6351168d14cfa0372803482062882590c98d717dc4f4eb2541fe3a154e8dc40f

General

Target

9ca84c781d6722c02a250ce9258cb650_JaffaCakes118
Size

189KB
Sample

240611-cezf3s1ajq
MD5

9ca84c781d6722c02a250ce9258cb650
SHA1

48c5c893a427b99e4b352e4668aa589829ed905c
SHA256

6351168d14cfa0372803482062882590c98d717dc4f4eb2541fe3a154e8dc40f
SHA512

7a08ba4709b95f5614d2b431327f2b1bf31fdf2f2f3f22f5926ea15657586483b880ca4cddfff039c492d76fd994b3322c989e1eda92f15ba056ae42c4f04817
SSDEEP

3072:uvHv22TWTogk079THcpOu5UZNNu81zUz4LKvJ:E/TX07hHcJQXuezUEL4J

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://minershallmuseum.com/documents/D/

exe.dropper

http://injazjordan.com/moodle/Vh/

exe.dropper

https://site1.xyz/wp-admin/Y/

exe.dropper

http://2bstone.com/vr7tf0c/ZD/

exe.dropper

http://biology-360.com/wp-admin/hv/

exe.dropper

http://tez-tour.site/wp-content/9sB/

exe.dropper

http://iooe.cn/wp-content/hdO/

Targets

- Target
  
  9ca84c781d6722c02a250ce9258cb650_JaffaCakes118
- Size
  
  189KB
- MD5
  
  9ca84c781d6722c02a250ce9258cb650
- SHA1
  
  48c5c893a427b99e4b352e4668aa589829ed905c
- SHA256
  
  6351168d14cfa0372803482062882590c98d717dc4f4eb2541fe3a154e8dc40f
- SHA512
  
  7a08ba4709b95f5614d2b431327f2b1bf31fdf2f2f3f22f5926ea15657586483b880ca4cddfff039c492d76fd994b3322c989e1eda92f15ba056ae42c4f04817
- SSDEEP
  
  3072:uvHv22TWTogk079THcpOu5UZNNu81zUz4LKvJ:E/TX07hHcJQXuezUEL4J
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2