24346ebead2ec6ea37b27c0939902b570698a2455170ba7ca2d0e9f3c9dac785 | Triage

Submit
Reports

Overview

overview

Static

static

1

86210e53ed...18.rtf

windows7-x64

86210e53ed...18.rtf

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

86210e53ed1942ad6dac5bb9c0844290_JaffaCakes118
Size

476KB
Sample

240810-p491bsvane
MD5

86210e53ed1942ad6dac5bb9c0844290
SHA1

b93bed2e799817d49eeeb2cb09099f0c17b233a4
SHA256

24346ebead2ec6ea37b27c0939902b570698a2455170ba7ca2d0e9f3c9dac785
SHA512

5e5febc24e9d49ab7c9bf12e0f8dfbb2c8212ec9a6ddc57fc9652cad1dd25eb40558c7fc90c4b5983e4ee996542aa348a4914bcea74feee064f6719e99fb33cc
SSDEEP

6144:u5ES9BYFDVp5ES9BYFDWH5ES9BYFDrA5ES9BYFDcc5ES9BYFDZA5ES9V:LmBmQm6mFmkmV

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

86210e53ed1942ad6dac5bb9c0844290_JaffaCakes118.rtf

Resource

win7-20240705-en

discovery execution

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

86210e53ed1942ad6dac5bb9c0844290_JaffaCakes118.rtf

Resource

win10v2004-20240802-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://lokipanelhostingpanel.gq/work/worknew/16.exe

Targets

- Target
  
  86210e53ed1942ad6dac5bb9c0844290_JaffaCakes118
- Size
  
  476KB
- MD5
  
  86210e53ed1942ad6dac5bb9c0844290
- SHA1
  
  b93bed2e799817d49eeeb2cb09099f0c17b233a4
- SHA256
  
  24346ebead2ec6ea37b27c0939902b570698a2455170ba7ca2d0e9f3c9dac785
- SHA512
  
  5e5febc24e9d49ab7c9bf12e0f8dfbb2c8212ec9a6ddc57fc9652cad1dd25eb40558c7fc90c4b5983e4ee996542aa348a4914bcea74feee064f6719e99fb33cc
- SSDEEP
  
  6144:u5ES9BYFDVp5ES9BYFDWH5ES9BYFDrA5ES9BYFDcc5ES9BYFDZA5ES9V:LmBmQm6mFmkmV
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy