General
Target: 00dcc4966342eeccf29e0888ecbadcfe_JaffaCakes118
Size: 221KB
Sample: 240426-ql1jlsdb7s
MD5: 00dcc4966342eeccf29e0888ecbadcfe
SHA1: 53c8fb9417a245d028dfaad9b0c0de3209dd6849
SHA256: 6c87c3c0acb5c7c76282b4f9327967f3405cdf95980d565c690fe1a7c6caf189
SHA512: c213c2979eb1699f6dbc0ff60d6d0f505569cebf585ffebc299804af968656550b84b9d9a79acac4d491ba19e662c8e6efa4e39860298f378eda53df1d895cf0
SSDEEP: 3072:b4tcTvjvTY140818tIP4ovp0SGju9jDW1M+7Jp3C:EtcnvE140o8tIP4ap3jDjm3C
Behavioral task: behavioral1
Sample: 00dcc4966342eeccf29e0888ecbadcfe_JaffaCakes118.doc
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 00dcc4966342eeccf29e0888ecbadcfe_JaffaCakes118.doc
Resource: win10v2004-20240412-en
Malware Config
Extracted
Targets
Target: 00dcc4966342eeccf29e0888ecbadcfe_JaffaCakes118
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory