General
Target: 003d1b1e080db4b48467ad41fcbed232_JaffaCakes118
Size: 189KB
Sample: 240426-ht87qabc2w
MD5: 003d1b1e080db4b48467ad41fcbed232
SHA1: d2aff9bb84985700d80d213588d000d19c6667b8
SHA256: 22a29b66bba17966a31c3cd3286dc31fa1c99e45ab2fa9bd84eeee1bd847f58e
SHA512: 3d3d622bfe9df69a497b76a817dd18662a43ac7800f28978554ae9299e1c2f6364896fb13e7ac09a34b97a9ed4588e269b887bc2bc1ee85b511ed5ded29ad662
SSDEEP: 3072:uvHv22TWTogk079THcpOu5UZvNu81zUz4LKZL:E/TX07hHcJQ1uezUELGL
Behavioral task: behavioral1
Sample: 003d1b1e080db4b48467ad41fcbed232_JaffaCakes118.doc
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 003d1b1e080db4b48467ad41fcbed232_JaffaCakes118.doc
Resource: win10v2004-20240412-en
Malware Config
Extracted
Targets
Target: 003d1b1e080db4b48467ad41fcbed232_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory