95d62fb07701b10d4125b6d637b51fb3ded4d5cac6c4c23e42afe150f0e733f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_06a7a334f5e2517c8ca43705e2a6895d
Size

160KB
Sample

250518-l8kdpaznv9
MD5

06a7a334f5e2517c8ca43705e2a6895d
SHA1

635686c6d66d68a7100331299aa18b625ef61eaa
SHA256

95d62fb07701b10d4125b6d637b51fb3ded4d5cac6c4c23e42afe150f0e733f8
SHA512

f4f6c86af4a2379c6be781a89b949509239f8e2fe27afd66a6abc0ef39f9a7775739cd49703be4ccee91e5d0c6fad634c3272b655a5702f3c8c80bee2042eaef
SSDEEP

3072:/iz5uTdcrrXyQBsc0vWJVi4IrwVgTnoLjIk+:q1XPIIoR

Score

10^/10

execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://senbiaojita.com/wp-admin/iDlsc/

exe.dropper

http://vassanaservices.com/TEST/V3/

exe.dropper

http://starkmotorracing.com/unhairer/nzFKm/

exe.dropper

http://cometarabian.com/wp-includes/zFY6U/

exe.dropper

https://buyitnowtoday.net/wp-admin/KI0K/

exe.dropper

http://re2me.xyz/opt/Ds/

exe.dropper

http://convictionfitness.webdmcsolutions.com/wp-admin/gUb/

Targets

- Target
  
  JaffaCakes118_06a7a334f5e2517c8ca43705e2a6895d
- Size
  
  160KB
- MD5
  
  06a7a334f5e2517c8ca43705e2a6895d
- SHA1
  
  635686c6d66d68a7100331299aa18b625ef61eaa
- SHA256
  
  95d62fb07701b10d4125b6d637b51fb3ded4d5cac6c4c23e42afe150f0e733f8
- SHA512
  
  f4f6c86af4a2379c6be781a89b949509239f8e2fe27afd66a6abc0ef39f9a7775739cd49703be4ccee91e5d0c6fad634c3272b655a5702f3c8c80bee2042eaef
- SSDEEP
  
  3072:/iz5uTdcrrXyQBsc0vWJVi4IrwVgTnoLjIk+:q1XPIIoR
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2