General
-
Target
JaffaCakes118_82dbd2c8c85902531ba683ae097c42a567a503054bbea2292e4741935018d7d4
-
Size
174KB
-
Sample
241224-np33sswqhl
-
MD5
3fe238127cb8342c39e456c6d3d9326c
-
SHA1
3cb30efce98cd8e08e1fec064d7bd010376bc61a
-
SHA256
82dbd2c8c85902531ba683ae097c42a567a503054bbea2292e4741935018d7d4
-
SHA512
23d0ee60cebacf6b64f73659c58fee78f90e5c7cff2a682e67114c75ee074106bfbc6e09c903206ae9b82923b957e8ef72260e9fa2446b655fa60f7d5ae52093
-
SSDEEP
3072:KvFB3pm2NTQalRz3s0bRhQevjHAdcGX6OqVy2cSdL0uLvSfaMa7vMPlalVQ+:6kBk3s0z5c6Oky2cSd0uzSfaMa7v6al5
Static task
static1
Behavioral task
behavioral1
Sample
1.ps1
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
2.ps1
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
2.ps1
Resource
win10v2004-20241007-en
Malware Config
Extracted
-
Family
asyncrat
-
Version
0.5.7B
-
Botnet
29/7
-
C2
vvat22.con-ip.com:7707
-
Mutex
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
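The extracted configuration is directly actionable on a live host: the mutex name is what the implant uses to stay single-instance, and the C2 host:port is where it beacons. The script below is an added example, not part of the sandbox report or of AsyncRAT itself; it takes the three values reported above (AsyncMutex_6SI8OkPnk, vvat22.con-ip.com, 7707) and checks the current session for the mutex, the resolver cache for the C2 name, and open TCP sockets to the C2 port. Function names are the author's own.

```powershell
# Added example (not part of the sandbox report): turn the extracted AsyncRAT
# configuration into a quick live-host hunt. Mutex, C2 host and port are the
# values reported above; the functions themselves are generic.
$AsyncRatConfig = @{
    Mutex  = 'AsyncMutex_6SI8OkPnk'
    C2Host = 'vvat22.con-ip.com'
    C2Port = 7707
}

function Test-NamedMutex {
    param([Parameter(Mandatory)][string]$Name)
    # AsyncRAT creates its mutex without a namespace prefix, i.e. in the Local\
    # namespace of the logon session it runs in, so that is checked first; the
    # Global\ form is tried second in case a build was changed to use it.
    foreach ($candidate in @($Name, "Global\$Name")) {
        $handle = $null
        try {
            if ([System.Threading.Mutex]::TryOpenExisting($candidate, [ref]$handle)) {
                $handle.Dispose()
                return $candidate
            }
        } catch [System.UnauthorizedAccessException] {
            # The object exists but its ACL denies us SYNCHRONIZE: still proof of presence.
            return $candidate
        }
    }
    return $null
}

function Get-C2NetworkEvidence {
    param([Parameter(Mandatory)][string]$C2Host, [Parameter(Mandatory)][int]$C2Port)
    $evidence = @()
    # Resolver cache: a cached record for the C2 name means some process on this
    # host resolved it since the last flush (the cache does not survive a reboot).
    $cached = Get-DnsClientCache -Entry $C2Host -ErrorAction SilentlyContinue
    foreach ($rec in $cached) {
        $evidence += [pscustomobject]@{
            Kind   = 'DnsCache'
            Detail = "$($rec.Entry) -> $($rec.Data) (ttl $($rec.TimeToLive)s)"
        }
    }
    # Live TCP sockets to the configured port, attributed to the owning process.
    # AsyncRAT holds a persistent session, so a beaconing implant usually shows
    # as an Established connection rather than a short-lived one.
    $conns = Get-NetTCPConnection -RemotePort $C2Port -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $evidence += [pscustomobject]@{
            Kind   = 'TcpConnection'
            Detail = "$($c.RemoteAddress):$($c.RemotePort) state=$($c.State) pid=$($c.OwningProcess) image=$($proc.Path)"
        }
    }
    return $evidence
}

$result = [pscustomobject]@{
    MutexFound      = Test-NamedMutex -Name $AsyncRatConfig.Mutex
    NetworkEvidence = Get-C2NetworkEvidence -C2Host $AsyncRatConfig.C2Host -C2Port $AsyncRatConfig.C2Port
}
$result | Format-List
$result.NetworkEvidence | Format-Table -AutoSize
```

Run it in the interactive session of the user that executed the script, since an unprefixed mutex is only visible from inside that session. Two caveats from the config itself: install is false, so this build does not copy itself to %AppData% or add its own Run key, and persistence has to be looked for elsewhere (the COM hijacking and System32 drop signatures below are the obvious places); and the C2 is a dynamic-DNS name under con-ip.com, so block and hunt on the hostname rather than on whatever IP it resolved to in the sandbox.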
Targets
-
-
Target
1.ps1
-
Size
257KB
-
MD5
fa9de551f6fd38a4b04e3207e08e846c
-
SHA1
2ef8eb4e82ce9f52e5fa61e04fec1f9b92230903
-
SHA256
f8dae9c1f9c629a6811c6b2fc648b8f952a0331a1d5c04005808b4daeeae93fb
-
SHA512
ed8024a8279f3ac1a4d4b3be7214b9ec0d429a7228ea126e298034c4952e0ce048f7c83d4e0aab0760701653a0a77aea82cd94ae5b59161cae811a93c212c3ce
-
SSDEEP
6144:JRQRmeIR/ENCsOFAjL3vTV8MG0NsPSSzQw6ACnfRFG5jS:zXiL7XvLw6Ak6W
-
Asyncrat family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
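The COM hijacking signature above maps to MITRE ATT&CK T1546.015. The mechanism is a registry precedence rule: when Windows builds HKEY_CLASSES_ROOT it merges HKCU\Software\Classes over HKLM\Software\Classes, so a CLSID registered in the user hive wins over the machine-wide registration for that user, with no admin rights and no reboot. The script below is an added example, not part of the sandbox report, that enumerates per-user InprocServer32 and LocalServer32 registrations and flags the shapes that matter for triage: a user key shadowing an HKLM server, an image under a user-writable directory, or an image that does not exist on disk. Function names and the list of user-writable roots are the author's assumptions.

```powershell
# Added example (not part of the sandbox report): list per-user COM server
# registrations and flag the ones shaped like a hijack.
function Get-ComImagePath {
    param([string]$Value)
    # Normalise a (default) server value to the image it loads. Quoted values may
    # carry arguments after the closing quote; unquoted InprocServer32 values are
    # a bare DLL path.
    $v = [Environment]::ExpandEnvironmentVariables($Value).Trim()
    if ($v.StartsWith('"')) {
        $end = $v.IndexOf('"', 1)
        if ($end -gt 1) { return $v.Substring(1, $end - 1) }
    }
    return $v
}

function Get-UserComServerRegistrations {
    param(
        # Directories treated as user-writable: assumed defaults, adjust per environment.
        [string[]]$UserWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                                         "$env:USERPROFILE\Downloads", 'C:\Users\Public')
    )
    $userRoot    = 'HKCU:\Software\Classes\CLSID'
    $machineRoot = 'HKLM:\Software\Classes\CLSID'
    if (-not (Test-Path $userRoot)) { return }

    foreach ($clsidKey in Get-ChildItem -Path $userRoot -ErrorAction SilentlyContinue) {
        $clsid = $clsidKey.PSChildName
        foreach ($kind in 'InprocServer32', 'LocalServer32') {
            $userKey = "$userRoot\$clsid\$kind"
            if (-not (Test-Path $userKey)) { continue }
            $userValue = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $userValue) { continue }
            $image = Get-ComImagePath $userValue

            # A matching HKLM entry means the user key shadows a machine-wide server,
            # the classic hijack. No HKLM entry is a brand-new (possibly phantom) CLSID.
            $machineKey   = "$machineRoot\$clsid\$kind"
            $machineValue = $null
            if (Test-Path $machineKey) {
                $machineValue = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
            }
            $machineImage = $null
            if ($machineValue) { $machineImage = Get-ComImagePath $machineValue }

            $inUserDir = $false
            foreach ($root in $UserWritableRoots) {
                if ($root -and $image.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inUserDir = $true
                }
            }

            [pscustomobject]@{
                CLSID          = $clsid
                Kind           = $kind
                UserImage      = $image
                ShadowsMachine = [bool]$machineValue
                MachineImage   = $machineImage
                InUserWritable = $inUserDir
                ImageExists    = [bool](Test-Path -LiteralPath $image -PathType Leaf -ErrorAction SilentlyContinue)
            }
        }
    }
}

# Strongest signal first: a user-hive entry that shadows an HKLM server and
# points into a user-writable directory.
Get-UserComServerRegistrations |
    Where-Object { $_.ShadowsMachine -or $_.InUserWritable -or -not $_.ImageExists } |
    Sort-Object -Property @{ Expression = 'ShadowsMachine'; Descending = $true },
                          @{ Expression = 'InUserWritable'; Descending = $true } |
    Format-Table -AutoSize
```

Treat the output as a triage list, not a verdict: per-user installers (ClickOnce, per-user browser and collaboration clients) legitimately register COM servers under HKCU, so a hit needs the image hash and signer checked before it is called malicious. The check reads HKCU, so it must run as the affected user; for other profiles on the box, walk Registry::HKEY_USERS\<SID>\Software\Classes\CLSID instead. It also does not cover the TreatAs and ScriptletURL hijack variants, which live under the same CLSID keys and are worth a second pass if this one comes up empty.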
Target
2.ps1
-
Size
257KB
-
MD5
1782325a32c0d152d2fc5f936764096b
-
SHA1
32708733721654fd7ce18a2cc5859404dd365b48
-
SHA256
e1dd619f137db33a6223900a330af2c9bb58b55b01504f142a27a4f44880a3ca
-
SHA512
592aa5ef0a6b9f746538e503d40c250122a166db9fbd37ce08607b210ecdb09d7b42c5ca898d4b7ff0b3544f202aa7a52b7704f148f66df38ae9c836468b56a4
-
SSDEEP
6144:aRQRmeIR/ENCsOFAjL3vTV8MG0NsPSSzQw6ACnfRFG5jc:wXiL7XvLw6Ak6o
Score
3/10