General
-
Target
0057b75dddd7e2b6547b5b77be023684_JaffaCakes118
-
Size
199KB
-
Sample
240426-j2ethscd4s
-
MD5
0057b75dddd7e2b6547b5b77be023684
-
SHA1
aa24c88e14fc3e1bc02e5e34c6bc938a06f9b067
-
SHA256
0b04fdce5725ba5de02a44d8b2f971447d909cd8462fec771030a4a2c9ca2d8c
-
SHA512
d1aa2e35532cb5143e40deeeb87b6b7e7fc0bd97b8dec45ae0b492f1e641f5d2b607e4575b409c776ebeb67f47242c114623eed6385b04ea8a1a83ab6c99c06a
-
SSDEEP
1536:04tcTv8kvjEuJ0dH5L0c4vs3ti18NmIIP4ovlnoR+a96ig7ix5EvGtaWWfjPYKwk:04tcTvjvTY140818tIP4ovpALmGwo4
Behavioral task
behavioral1
Sample
0057b75dddd7e2b6547b5b77be023684_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0057b75dddd7e2b6547b5b77be023684_JaffaCakes118.doc
Resource
win10v2004-20240412-en
Malware Config
Extracted
http://veccino56.com/gjpra/4ZR/
http://girlgeekdinners.com/wp-content/Hpz/
http://marblingmagpie.com/COPYRIGHT/Ak/
http://aplicativoipok.net/wp-includes/ONW/
http://ec2-52-56-233-157.eu-west-2.compute.amazonaws.com/wp-includes/35/
https://shd7.life/mlktv/r6/
https://www.hairlineunisexsalon.com/demo/UX/
Targets
-
-
Target
0057b75dddd7e2b6547b5b77be023684_JaffaCakes118
-
Size
199KB
-
MD5
0057b75dddd7e2b6547b5b77be023684
-
SHA1
aa24c88e14fc3e1bc02e5e34c6bc938a06f9b067
-
SHA256
0b04fdce5725ba5de02a44d8b2f971447d909cd8462fec771030a4a2c9ca2d8c
-
SHA512
d1aa2e35532cb5143e40deeeb87b6b7e7fc0bd97b8dec45ae0b492f1e641f5d2b607e4575b409c776ebeb67f47242c114623eed6385b04ea8a1a83ab6c99c06a
-
SSDEEP
1536:04tcTv8kvjEuJ0dH5L0c4vs3ti18NmIIP4ovlnoR+a96ig7ix5EvGtaWWfjPYKwk:04tcTvjvTY140818tIP4ovpALmGwo4
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-