General
-
Target
0016632d5787d3aafcd96a3765f2f209_JaffaCakes118
-
Size
93KB
-
Sample
240425-z2rfbafa57
-
MD5
0016632d5787d3aafcd96a3765f2f209
-
SHA1
ee427446c4e6b564ed76d9b6d1fd9189b2e9c21a
-
SHA256
41381d1be6edc5b46bc2aa5dcf06bbb5b0557ba81d821d23eb69f87660c0dbc1
-
SHA512
49f486177fe03186301c33c6aeacf66d0531aace2395cd0cd664bfcf7acb5b41cbd8f250186b9716aea428d6dc662cdd9c5495d3f5017020de7dbd06d12966ad
-
SSDEEP
1536:pptJlmrJpmxlRw99NBO+aGMKXvLGPGypBR4T:Xte2dw99fcOvKeEBRY
Behavioral task
behavioral1
Sample
0016632d5787d3aafcd96a3765f2f209_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0016632d5787d3aafcd96a3765f2f209_JaffaCakes118.doc
Resource
win10v2004-20240412-en
Malware Config
Extracted
http://heavyaromaticsolvents.net/CK
http://digitalwebexperts.com/yPCF
http://moo.lt/f8OXiWkz
http://hmt.co.nz/9UUH
http://montagemela.com/cVHX2z
Targets
Target
0016632d5787d3aafcd96a3765f2f209_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-