8573c35338d256c00f8807111d2736fac86afa7670f189c2c408a43752ecd8f0 | Triage

Sharing

General

Target

eab65f72e19aa83d7d83ced33327bfd0_JaffaCakes118
Size

179KB
Sample

240919-gns3watfke
MD5

eab65f72e19aa83d7d83ced33327bfd0
SHA1

13a2f2d96165e1c0c78c7c45019daad417fc7088
SHA256

8573c35338d256c00f8807111d2736fac86afa7670f189c2c408a43752ecd8f0
SHA512

b4e22755cc7b1129c99a103acb8ea821646e65f0e322c3960d0ebcfb270660cf570b67c0ec072326ada0697271236e72f64a6661430ecb1952542aae6ce784bd
SSDEEP

1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a93SGIRK9b/WYjd2LO6h/QC27TzvY:crfrzOH98ipgPSGYK9TngLOm27TzvY

Score

10^/10

discovery macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://sasystemsuk.com/index_files/j9b/

exe.dropper

https://case.gonukkad.com/sys-cache/fmC/

exe.dropper

http://vandamebuilders.com/wp-includes/OEyjc9x/

exe.dropper

https://nilinkeji.com/online/Dmz/

exe.dropper

http://paganwitch.com/wp-admin/CmubpSk/

exe.dropper

http://www.ekramco.ir/english/fn/

exe.dropper

http://votesteve.us/closed_zone/Bk/

Targets

- Target
  
  eab65f72e19aa83d7d83ced33327bfd0_JaffaCakes118
- Size
  
  179KB
- MD5
  
  eab65f72e19aa83d7d83ced33327bfd0
- SHA1
  
  13a2f2d96165e1c0c78c7c45019daad417fc7088
- SHA256
  
  8573c35338d256c00f8807111d2736fac86afa7670f189c2c408a43752ecd8f0
- SHA512
  
  b4e22755cc7b1129c99a103acb8ea821646e65f0e322c3960d0ebcfb270660cf570b67c0ec072326ada0697271236e72f64a6661430ecb1952542aae6ce784bd
- SSDEEP
  
  1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a93SGIRK9b/WYjd2LO6h/QC27TzvY:crfrzOH98ipgPSGYK9TngLOm27TzvY
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2