Extracted

• • Target

    ed10bfff758a80752bd072e93cb7e7f8_JaffaCakes118

  • Size

    208KB

  • MD5

    ed10bfff758a80752bd072e93cb7e7f8

  • SHA1

    aeeacf51e3d94351b658676cd2085d863241ec40

  • SHA256

    dde1e4beb358bf4ab02fdad1e477b603c116bfa2c39d9c4c42740738304d4ed7

  • SHA512

    d9e8e7e5983e4c7b44ab4e0a7ada73ee5e2a992ea41ab2edf1e4750bc64c787419dad14b56ce2a35b6c0d5a66857e52bf0d58e0080fa35014b387e77c57277f7

  • SSDEEP

    6144:XgULVG5HuJG1VqDTQpzAiXajJ7qxPmdvmZ:XtGkIbzvX2qxA

  Score

  10^/10

  discoveryexecution

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • An obfuscated cmd.exe command-line is typically used to evade detection.

  behavioral1behavioral2