General

  • Target

    d5ea8c92986816ced245b0572834f3b2_JaffaCakes118

  • Size

    3KB

  • Sample

    240909-jwvyjs1ckc

  • MD5

    d5ea8c92986816ced245b0572834f3b2

  • SHA1

    5e6255e9a3c126d7ac5571d4e50d43ba288ea551

  • SHA256

    a61148ccfea21b7377660e7be32e425724fd63547c54ddcb7cfd24814e5abb51

  • SHA512

    bcf2191a694b1ce7ea0ba658655224d9a13d272fbcccbbdf2bb055e635a5adc3a553404ae65fcb2e89fdbc4c514a8e9f05cab04598732575f5fe1e8e8294572b

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://drive.google.com/uc?export=download&id=0B3AM8u080I_PQko5UGtzQVV2RHc

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15
