3db5537afa72bac1ad7529d5026dc4962d42b2e6af1cb12235cfc1f8751676b5 | Triage

Sharing

General

Target

ed3e0854716882ece0c1a44c1b891e57_JaffaCakes118
Size

150KB
Sample

240920-kr22qsycrj
MD5

ed3e0854716882ece0c1a44c1b891e57
SHA1

3e42aefc0570f57dd65def6d04cd6354a97f8479
SHA256

3db5537afa72bac1ad7529d5026dc4962d42b2e6af1cb12235cfc1f8751676b5
SHA512

eafa39664388a43066bc95a18e4a5797e55a79a298b8cad95dd5a265f8751627d84ff3ca77728e397abc275f554057869337011fb9d39f1f5950476051215299
SSDEEP

1536:mPiRmz80TdayTTtlj8S1PyswwPOhjS8lIAkAkB445TEgrO3jSWAg83tle1ZZ029C:T422TWTogk079THcpOu5UZ+OQ4y/jn

Score

10^/10

discovery

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://h2a1.com/uf8vu/U/

exe.dropper

http://www.almakaaseb.com/wp-includes/P/

exe.dropper

http://theitnconsultant.com/wp-includes/t/

exe.dropper

http://carstarai.com/icon/D/

exe.dropper

http://bug.chihuahuamediaprojects.com/wp-includes/u/

exe.dropper

https://aecc.dev.caveim.net/wp-admin/dZ/

exe.dropper

http://phimsex.2xxhub.com/wp-content/esp/5ur8drbma/6qH/

Targets

- Target
  
  ed3e0854716882ece0c1a44c1b891e57_JaffaCakes118
- Size
  
  150KB
- MD5
  
  ed3e0854716882ece0c1a44c1b891e57
- SHA1
  
  3e42aefc0570f57dd65def6d04cd6354a97f8479
- SHA256
  
  3db5537afa72bac1ad7529d5026dc4962d42b2e6af1cb12235cfc1f8751676b5
- SHA512
  
  eafa39664388a43066bc95a18e4a5797e55a79a298b8cad95dd5a265f8751627d84ff3ca77728e397abc275f554057869337011fb9d39f1f5950476051215299
- SSDEEP
  
  1536:mPiRmz80TdayTTtlj8S1PyswwPOhjS8lIAkAkB445TEgrO3jSWAg83tle1ZZ029C:T422TWTogk079THcpOu5UZ+OQ4y/jn
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2