4544d813fc5b91be214eff065bf8193df36917dca2e5cbce1a6ee9a782f54d0a | Triage

Sharing

General

Target

ed259596d9fedf8d57f93e6565727ee2_JaffaCakes118
Size

226KB
Sample

240920-jr3slawcng
MD5

ed259596d9fedf8d57f93e6565727ee2
SHA1

9dcae85383787d374853d930bd7ae19ef5fc7772
SHA256

4544d813fc5b91be214eff065bf8193df36917dca2e5cbce1a6ee9a782f54d0a
SHA512

30308e6baa36f61c0a867fad0fe77ae6d30dad799ff19423588c5d987db17ce4140bb770ecc8963578e85a90f23890facb50a63996addd34f2972c7e5c8d3460
SSDEEP

3072:PYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////p:R0uXnWFchmmcI/o1/KEP9c8wcy

Score

10^/10

discovery macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://miradoors.md/backup/hFiCHxXv/

exe.dropper

http://kuntur.tur.ar/wp-admin/OBoiKylqUuhlh/

exe.dropper

https://mhsr.ch/wp-admin/qHvi9amkg5llk43185606/

exe.dropper

http://miradoors.ro/cgi-bin/vhUgA4mu6tg1x461/

exe.dropper

http://nikniek.nl/cgi-bin/A74t5p0sobrc273635587/

exe.dropper

http://qualityhairbundles.com/of/FIKQDxATiQHEd/

exe.dropper

http://karaz.atwebpages.com/admin/2a4j1aqkks855324/

Targets

- Target
  
  ed259596d9fedf8d57f93e6565727ee2_JaffaCakes118
- Size
  
  226KB
- MD5
  
  ed259596d9fedf8d57f93e6565727ee2
- SHA1
  
  9dcae85383787d374853d930bd7ae19ef5fc7772
- SHA256
  
  4544d813fc5b91be214eff065bf8193df36917dca2e5cbce1a6ee9a782f54d0a
- SHA512
  
  30308e6baa36f61c0a867fad0fe77ae6d30dad799ff19423588c5d987db17ce4140bb770ecc8963578e85a90f23890facb50a63996addd34f2972c7e5c8d3460
- SSDEEP
  
  3072:PYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////p:R0uXnWFchmmcI/o1/KEP9c8wcy
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2