c62f02ac392d005e396bf0bdf4d7eed9c2ce49183d1fe4c694c13cbe7201eaa0

General

Target

a956aee514439ad6c13b3566e7531133_JaffaCakes118
Size

143KB
Sample

240614-m6dnssxgpb
MD5

a956aee514439ad6c13b3566e7531133
SHA1

8d1cad846688110bc0bdd8129bc39d5685bb3697
SHA256

c62f02ac392d005e396bf0bdf4d7eed9c2ce49183d1fe4c694c13cbe7201eaa0
SHA512

f2ce8c2fde9c727b35540fc71c09f19228e8e158ffdf46529bd31b8f8276ba2f3f4e2854145cabdf108ec5b0435bee7cbfeb81a0770c7eeaee98a9e30f64de15
SSDEEP

3072:VN8GhDS0o9zTGOZD6EbzCdn+0Bkbj1Q3:VHoUOZDlben+0Kbp

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://www.forma-31.ru/x9w0Q_aJ9eUDi_0

exe.dropper

http://codienlanhnme.vn/wmfuxxu_bf8c_ccJhM

exe.dropper

http://www.viajesdelbosque.com/oJmICLR_SF1qjTc9v

exe.dropper

http://www.kiber-soft.ru/Heq3CDGN_tvvO3Ae1q

exe.dropper

http://www.yogaspaceme.com/QCPdiT_LN2iP6fHd

Targets

- Target
  
  a956aee514439ad6c13b3566e7531133_JaffaCakes118
- Size
  
  143KB
- MD5
  
  a956aee514439ad6c13b3566e7531133
- SHA1
  
  8d1cad846688110bc0bdd8129bc39d5685bb3697
- SHA256
  
  c62f02ac392d005e396bf0bdf4d7eed9c2ce49183d1fe4c694c13cbe7201eaa0
- SHA512
  
  f2ce8c2fde9c727b35540fc71c09f19228e8e158ffdf46529bd31b8f8276ba2f3f4e2854145cabdf108ec5b0435bee7cbfeb81a0770c7eeaee98a9e30f64de15
- SSDEEP
  
  3072:VN8GhDS0o9zTGOZD6EbzCdn+0Bkbj1Q3:VHoUOZDlben+0Kbp
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2