General
-
Target
0095158b8a5a8d89dcee97dbaf6fd073_JaffaCakes118
-
Size
156KB
-
Sample
240426-mrhzzaef67
-
MD5
0095158b8a5a8d89dcee97dbaf6fd073
-
SHA1
d8742ecbb3c14c8443e3e9d646531333103cd8e4
-
SHA256
050b38c2cf415a2d1bd35c50f3feddf8f15a5279fcefb35883766da169c87c01
-
SHA512
bc3ac0f0da0412d7ff1d8d6cc9e530accd1e118e68829ec922ee49b192294366b2d2ab106ea238c4cdc7b71bed2def10aa8db946dffd712b08056136f696a830
-
SSDEEP
1536:CINj/tINj/ardi1Ir77zOH98Wj2gpngB+a9/pNvuaRlYYP46/3k/W+k/iSvgR0wS:VrfrzOH98ipgrNQYP4zua0wS
Behavioral task
behavioral1
Sample
0095158b8a5a8d89dcee97dbaf6fd073_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0095158b8a5a8d89dcee97dbaf6fd073_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
-
-
Target
0095158b8a5a8d89dcee97dbaf6fd073_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-