General
-
Target
ffc881191b9d0891dc45709b5f2b2a4d_JaffaCakes118
-
Size
36KB
-
Sample
240421-vxkpragc5s
-
MD5
ffc881191b9d0891dc45709b5f2b2a4d
-
SHA1
e51e1f566aad276a19412d85ad8c9b50a0c2b069
-
SHA256
3a64f774b996ea2c2e9ae641174756ccf892ea8b74860d04d23d916a5b76ed46
-
SHA512
8b0e2230a169c73ff126deadf00917fb0c3bfe1eb2748716359abca89f64092b9bc0dd83d31c8a315081f0a918a4b42e4138e74d112a6343bebe241ff3423f2c
-
SSDEEP
768:GPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJeypD++AeiXTEc/Sg4WMPTm:6ok3hbdlylKsgqopeJBWhZFGkE+cL2N9
Behavioral task
behavioral1
Sample
ffc881191b9d0891dc45709b5f2b2a4d_JaffaCakes118.xls
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ffc881191b9d0891dc45709b5f2b2a4d_JaffaCakes118.xls
Resource
win10v2004-20240412-en
Malware Config
Extracted
https://statedauto.com/wp-data.php
Targets
-
Target
ffc881191b9d0891dc45709b5f2b2a4d_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-