General
-
Target
fff8a9dd6284ea3be3a1b5515010ea60_JaffaCakes118
-
Size
21KB
-
Sample
240421-xwczmahg55
-
MD5
fff8a9dd6284ea3be3a1b5515010ea60
-
SHA1
996f02d38dbcfb1866fb6dccf389754a5cbfae79
-
SHA256
896e852a297af485ef1ab4cd296f3df13be6dcff952d0aa1a6435dca59fffe14
-
SHA512
ce2bfa426606f42ac4a019e792586b1ab5b74e48c99918d922cdee6f69a7ead8bf31cfef7add4bc4895b5ad18117df5dcea71a965916d73c26f3220a60e1e88d
-
SSDEEP
384:fjMi9z5BmTcNYp762zzDSNUSyvtw/X2LRc9AUBnKrOyKIvFeXOH/I7JRu85HEO1D:bMi1tsO2zzDSiSrWRc9j4vFAnDJo02M
Behavioral task
behavioral1
Sample
redoc.doc
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
redoc.doc
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
redoc.doc
-
Size
43KB
-
MD5
7e65b487703b522b7ec2c14cf60dfc13
-
SHA1
b56f5de1ec9df02c48a92ecb034df73c85564762
-
SHA256
d6604d63a315c752bf276d8f121755efb5781774701661db861b40864c965ab4
-
SHA512
81983e5fe405639268f54223eb7882b5627cbe5853f22d042e7f40ca89d53eb090383882ea71b451af880379a1d55ebd71f57a8caadae13ab96b8fe38a3c267b
-
SSDEEP
384:2pVDKHi8vJcVAvkzi1V0GsrJFWLnrXbdNHFSUIWq8iSUR/8devkLw+th/4DSxbz1:UKHiA3vdDsrXA7bdBIWg/qaHvDSNo
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-