c7e40c5bb07a38e5d072cc4f4fc3eef3b1ebd6e7ed10da6edc637941ca9e5ae3 | Triage

Sharing

General

Target

a938f9f04b2c8438690c81fe6de0e116_JaffaCakes118
Size

15KB
Sample

240614-mm2ara1amq
MD5

a938f9f04b2c8438690c81fe6de0e116
SHA1

6f372078a4a3cadf2b7bb66442bc7c813d87120a
SHA256

c7e40c5bb07a38e5d072cc4f4fc3eef3b1ebd6e7ed10da6edc637941ca9e5ae3
SHA512

8eaf29c49f1cc33a0a4b9d7218738330dde66c8939ebfba2911c91ebcd1859c31e700b548afda8784cf83d970d13bdbeffd49332501c4e8afc60c60772121475
SSDEEP

384:/br9XuasFux/FltDBIxcoucbF9OCqQd5rgNSTH:fpuasFupjDGcoucbbOCXdxgNSTH

Score

10^/10

macro

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://%909123id%909123id%909123id%909123id%[email protected]/kasdasdasasdasddskdd

Targets

- Target
  
  a938f9f04b2c8438690c81fe6de0e116_JaffaCakes118
- Size
  
  15KB
- MD5
  
  a938f9f04b2c8438690c81fe6de0e116
- SHA1
  
  6f372078a4a3cadf2b7bb66442bc7c813d87120a
- SHA256
  
  c7e40c5bb07a38e5d072cc4f4fc3eef3b1ebd6e7ed10da6edc637941ca9e5ae3
- SHA512
  
  8eaf29c49f1cc33a0a4b9d7218738330dde66c8939ebfba2911c91ebcd1859c31e700b548afda8784cf83d970d13bdbeffd49332501c4e8afc60c60772121475
- SSDEEP
  
  384:/br9XuasFux/FltDBIxcoucbF9OCqQd5rgNSTH:fpuasFupjDGcoucbbOCXdxgNSTH
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2