General

  • Target

    070583cfed5f33b995a07d2b975795d8_JaffaCakes118

  • Size

    40KB

  • Sample

    240624-cc95ssvamg

  • MD5

    070583cfed5f33b995a07d2b975795d8

  • SHA1

    da79088d7e0ad133ae6745cb64673322f745efa0

  • SHA256

    31721b6d7edd2c34848fbb668591f6870b635d14d2f696be99406724cc1becde

  • SHA512

    47bf26214c554c3e42119fd1c84d54907e00c71bd9a545b2a9ff4bc98b827344d81bf35a0e6b9a752d36042c4d2ed20c740c06c3cb4ffd2acd2bd6cfafb66d1f

  • SSDEEP

    384:M0iSbOMKKHK1O9lkGps+4z51bgxKmxyCztMN0jebtp:jKKq1/51b0QCzt8h

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper

    http://onedrivenet.xyz/net/output3276D40.exe

Targets

    • Target

      070583cfed5f33b995a07d2b975795d8_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15