ae5b97a11193dc484bd0d88ade0cd05bb667dd5f5e6155f7834f333b5d3c10c5 | Triage

Sharing

General

Target

ff9b596a9adcef01014d3664ea827cd4_JaffaCakes118
Size

848KB
Sample

240930-a4gw8ashma
MD5

ff9b596a9adcef01014d3664ea827cd4
SHA1

ef1e9dbe82ed76915dbd80cf8d315703edd63e71
SHA256

ae5b97a11193dc484bd0d88ade0cd05bb667dd5f5e6155f7834f333b5d3c10c5
SHA512

13522af4c61523ffc6da14cdd681be0bada5ccedc7164501776640c9df1555fcc7ec67e9a986e4f8f168d3a0220a2042f78779e00f13c21ea3089284bb143750
SSDEEP

24576:uAHnh+eWsN3skA4RV1Hom2KXMmHazU15:Zh+ZkldoPK8YazK

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://paste.ee/r/h7YEj

ps1.dropper

https://paste.ee/r/pcnHb

Targets

- Target
  
  ff9b596a9adcef01014d3664ea827cd4_JaffaCakes118
- Size
  
  848KB
- MD5
  
  ff9b596a9adcef01014d3664ea827cd4
- SHA1
  
  ef1e9dbe82ed76915dbd80cf8d315703edd63e71
- SHA256
  
  ae5b97a11193dc484bd0d88ade0cd05bb667dd5f5e6155f7834f333b5d3c10c5
- SHA512
  
  13522af4c61523ffc6da14cdd681be0bada5ccedc7164501776640c9df1555fcc7ec67e9a986e4f8f168d3a0220a2042f78779e00f13c21ea3089284bb143750
- SSDEEP
  
  24576:uAHnh+eWsN3skA4RV1Hom2KXMmHazU15:Zh+ZkldoPK8YazK
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution