General

  • Target

    c9a696ae8418ba58359d61b61d3adf3a_JaffaCakes118

  • Size

    45KB

  • Sample

    240829-z3fp7stdnj

  • MD5

    c9a696ae8418ba58359d61b61d3adf3a

  • SHA1

    50594ce2c9eabd6c6a01c60073f761f7e2018a6b

  • SHA256

    7d856ce2b96e10fef190ee959c6c3eae5aeae6e9c2994fe002ad4e8cf3253674

  • SHA512

    c21ba4a82ae364954ab644063cd390934d242b146ca452e19acb0ccc94ecc589fd2f4d5ce535848d8956c0a19d5e8eac39fae9d788d228da8c43200a74c34222

  • SSDEEP

    768:GoF35Ht0SwPasau4mU+4pL5n5LZImZok3hOdsylKlgryzc4bNhZFGzE+cL2knAJ+:vF35Ht0SwPasau4mU+4pL5n5LZImZok3

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    URLs

  • exe.dropper

    http://stevemike-fireforce.info/new/output3276D40.exe

  • exe.dropper

    http://www.iiswc.org/iiswc2009/sample.doc

Targets

    • Target

      c9a696ae8418ba58359d61b61d3adf3a_JaffaCakes118

    • Size

      45KB

    • MD5

      c9a696ae8418ba58359d61b61d3adf3a

    • SHA1

      50594ce2c9eabd6c6a01c60073f761f7e2018a6b

    • SHA256

      7d856ce2b96e10fef190ee959c6c3eae5aeae6e9c2994fe002ad4e8cf3253674

    • SHA512

      c21ba4a82ae364954ab644063cd390934d242b146ca452e19acb0ccc94ecc589fd2f4d5ce535848d8956c0a19d5e8eac39fae9d788d228da8c43200a74c34222

    • SSDEEP

      768:GoF35Ht0SwPasau4mU+4pL5n5LZImZok3hOdsylKlgryzc4bNhZFGzE+cL2knAJ+:vF35Ht0SwPasau4mU+4pL5n5LZImZok3

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks