General

  • Target

    632780baa361dd3605fcf17608d9ec39_JaffaCakes118

  • Size

    8KB

  • Sample

    240722-n7e4paxdrr

  • MD5

    632780baa361dd3605fcf17608d9ec39

  • SHA1

    a163418f92f185d77e7d3325385952828f69c199

  • SHA256

    7417778071586aac382bb6d2f65a28f9104b632f0f6d05fedd2c8f7ecb07c11e

  • SHA512

    410c01c5836db810dcefc049d20853c96bc5f5e5e18896e0669b049ec827a7cf6eefd3bcec35781836a091c831555770a6d4f8f611864642d0616fe49bafc01e

  • SSDEEP

    192:CIZ0fqhwP9+o6r1yIM9q2Jh9tp3F5lDBK:CgKMo6rYo2Jh9tpV5l4

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
