eff1add3604705dc01aa6e09ab7d10d749edca568a9c090a759b61190bb10009 | Triage

Sharing

General

Target

fc2f8c2012529d406610ec15b3d74951_JaffaCakes118
Size

247KB
Sample

240928-nc91kssgnr
MD5

fc2f8c2012529d406610ec15b3d74951
SHA1

50d1301e3226e78c978636243b03b4855d49e734
SHA256

eff1add3604705dc01aa6e09ab7d10d749edca568a9c090a759b61190bb10009
SHA512

a3f0735f110b479599061b46e0bccd9045118376ed778b53330d6365878f3f54c618c2e3f214077db8b83c0ca2fb7e8c468ad02acbb840fa36d191ac0b4d7c55
SSDEEP

3072:a1wmL5TalBC81ijXS4Rt9ui2nNejL/xSu90OoiLuDKZXfwKeljR14:UL5eb54ui2nNkxUOmD+XfwLM

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://koltukasistani.com/MQKx5tquZSaKOS_jjd5iV3ms

exe.dropper

http://karnatakajudo.org/Fr7JEg3XCtx

exe.dropper

http://privateinvestigatorkendall.com/Fo9cwuVLQWUA

exe.dropper

http://pwp7.ir/PiA5CBMYHR_7

exe.dropper

http://leotravels.in/RiuC1MPOP1s

Targets

- Target
  
  fc2f8c2012529d406610ec15b3d74951_JaffaCakes118
- Size
  
  247KB
- MD5
  
  fc2f8c2012529d406610ec15b3d74951
- SHA1
  
  50d1301e3226e78c978636243b03b4855d49e734
- SHA256
  
  eff1add3604705dc01aa6e09ab7d10d749edca568a9c090a759b61190bb10009
- SHA512
  
  a3f0735f110b479599061b46e0bccd9045118376ed778b53330d6365878f3f54c618c2e3f214077db8b83c0ca2fb7e8c468ad02acbb840fa36d191ac0b4d7c55
- SSDEEP
  
  3072:a1wmL5TalBC81ijXS4Rt9ui2nNejL/xSu90OoiLuDKZXfwKeljR14:UL5eb54ui2nNkxUOmD+XfwLM
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2