Extracted

• • Target

    ce3109aca2237ff1e0f7f98c066eb307_JaffaCakes118

  • Size

    134KB

  • MD5

    ce3109aca2237ff1e0f7f98c066eb307

  • SHA1

    f33b0e3a174fa419a51b2c6d7eb710337f5c0e97

  • SHA256

    89d8c90d091111f17323aae268bc8732132c82b6507a6e4773378a2e288e1fbc

  • SHA512

    47d535b9074d0a668db9e71aebfabb86de3f674352b9f7aee68cc475527f254e73eaff7dbd5ced9c9317bc0bba182caf02d664e26a25a0ad000d54904442036c

  • SSDEEP

    1536:O81ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a9udl6dAu:O8GhDS0o9zTGOZD6EbzCdsdIiu

  Score

  10^/10

  discoveryexecution

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • An obfuscated cmd.exe command-line is typically used to evade detection.

  behavioral1behavioral2