General
Target: 001790968376ce0ae28282281c3e0667_JaffaCakes118
Size: 173KB
Sample: 240425-z3676afa5t
MD5: 001790968376ce0ae28282281c3e0667
SHA1: ee331401002110fd58cc91f1000fdc5b763f2da1
SHA256: 0316ae38f6aa57cd2f8fb8081311cbc614e0ab5b008e8aad5f62dd2bef7d8389
SHA512: b08799fe6bef1c3d35f58bfc2fb7482c9a2c68c99988d7a701fae3fb5d8f208aff65c8e0301c1c61c8fc0d87fa133e5323b955207659ffe07e58f3363ba0ffca
SSDEEP: 1536:7DGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiPIFqaS17dv8qHSDHrLubIaEHpe:XrfrzOH98ipg5yE10gJ+
Behavioral task: behavioral1
Sample: 001790968376ce0ae28282281c3e0667_JaffaCakes118.doc
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 001790968376ce0ae28282281c3e0667_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
Targets
Target: 001790968376ce0ae28282281c3e0667_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory