8846893c9d7c2a8b9d97068084f8c171e9110cf34322e70110da781dad24cc75 | Triage

Sharing

General

Target

e62f2edfeff116d22cc4f93d5b0313df_JaffaCakes118
Size

200KB
Sample

240917-gpbvzsxfld
MD5

e62f2edfeff116d22cc4f93d5b0313df
SHA1

4df8c1cbdce38925cc640f8d9649ee9b6a210cd3
SHA256

8846893c9d7c2a8b9d97068084f8c171e9110cf34322e70110da781dad24cc75
SHA512

b4cccee2550788949d3d6b510f84eaa1044f3c851136bc77e9f89127cd833c4eb0c5574524589db2a81fc753aa9d19f834604c11411445dac5c414f11a89d7c8
SSDEEP

3072:Ph2y/GdyjktGDWLS0HZWD5w8K7Nk9LD7IBUWlwCDuRdj95ks2:Ph2k4ztGiL3HJk9LD7bswC6Rdj95k/

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://moisesdavid.com/qoong/vy/

exe.dropper

http://insurancebabu.com/wp-admin/iXElcu9f/

exe.dropper

http://rishi99.com/framework.impossible/dhADGeie6/

exe.dropper

https://www.alertpage.net/confirmation/2nX/

exe.dropper

https://anttarc.org/chartaxd/DMBuiwf5u/

Targets

- Target
  
  e62f2edfeff116d22cc4f93d5b0313df_JaffaCakes118
- Size
  
  200KB
- MD5
  
  e62f2edfeff116d22cc4f93d5b0313df
- SHA1
  
  4df8c1cbdce38925cc640f8d9649ee9b6a210cd3
- SHA256
  
  8846893c9d7c2a8b9d97068084f8c171e9110cf34322e70110da781dad24cc75
- SHA512
  
  b4cccee2550788949d3d6b510f84eaa1044f3c851136bc77e9f89127cd833c4eb0c5574524589db2a81fc753aa9d19f834604c11411445dac5c414f11a89d7c8
- SSDEEP
  
  3072:Ph2y/GdyjktGDWLS0HZWD5w8K7Nk9LD7IBUWlwCDuRdj95ks2:Ph2k4ztGiL3HJk9LD7bswC6Rdj95k/
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2