e15200f16ce6d15b4405184bd6fb3889731ba3de306844f76913113e26146cf2 | Triage

Sharing

General

Target

edcb262923c5d492034f6db5dba88cc5_JaffaCakes118
Size

53KB
Sample

240920-rvlx9a1dqd
MD5

edcb262923c5d492034f6db5dba88cc5
SHA1

49db9d14abe36ce23a24209eb3070038a6714e65
SHA256

e15200f16ce6d15b4405184bd6fb3889731ba3de306844f76913113e26146cf2
SHA512

ed8c3e54b1dd5d687b3c0c65c4826783c1ac43b224cefe87b08aecc00b406f139fa22aa5289e0752e03b360b97d8c9c0f4c34d09f6c5f81ab2265845b012a7bf
SSDEEP

768:amTSRcEBIbNN8+iUQDq9BhWUcl4RUf8W9DXlWXEjQfUsbyu9hfMQmQMjIybCJou1:2BaiUQm7hlcuaLgTfU6VrZNAkLu44q

Score

10^/10

discovery macro

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://qdijqwdunqwiqhwew.com/NA/smix.php?utma=donj

Targets

- Target
  
  edcb262923c5d492034f6db5dba88cc5_JaffaCakes118
- Size
  
  53KB
- MD5
  
  edcb262923c5d492034f6db5dba88cc5
- SHA1
  
  49db9d14abe36ce23a24209eb3070038a6714e65
- SHA256
  
  e15200f16ce6d15b4405184bd6fb3889731ba3de306844f76913113e26146cf2
- SHA512
  
  ed8c3e54b1dd5d687b3c0c65c4826783c1ac43b224cefe87b08aecc00b406f139fa22aa5289e0752e03b360b97d8c9c0f4c34d09f6c5f81ab2265845b012a7bf
- SSDEEP
  
  768:amTSRcEBIbNN8+iUQDq9BhWUcl4RUf8W9DXlWXEjQfUsbyu9hfMQmQMjIybCJou1:2BaiUQm7hlcuaLgTfU6VrZNAkLu44q
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2