General
-
Target
00fa448823eed14b07e52ee1dfdf6bd1_JaffaCakes118
-
Size
238KB
-
Sample
240426-rt2x3sdf32
-
MD5
00fa448823eed14b07e52ee1dfdf6bd1
-
SHA1
627bda4c30fad92dced06fa261312cf102187d91
-
SHA256
d9ea74cc1009cc88049833c14d31a5217dc49f26ca90d1d012965d465b8e0fe4
-
SHA512
a18011877d83d64628254ba869c90a3a0d5fa3003d4fd6ee31613dc1f1cc2cc6b97f610d291e0fdd6eb0861a74a45a6d51f23855f5699aebd8a5000f5cc2ef89
-
SSDEEP
3072:/j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkR9C7F5L++PQSwIj:/HgtEWPsL/aTyT9GkvC7Fp+yQSwIj
Behavioral task
behavioral1
Sample
00fa448823eed14b07e52ee1dfdf6bd1_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
00fa448823eed14b07e52ee1dfdf6bd1_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-