General
-
Target
010fa6c5af19b41e7683df7912b7d2d7_JaffaCakes118
-
Size
186KB
-
Sample
240426-sp8qhaec82
-
MD5
010fa6c5af19b41e7683df7912b7d2d7
-
SHA1
c4827d0abd065ec74b1385a0e3554268c9113ef4
-
SHA256
f164edfe353f4cf7654a5ce0fe6ce62fcca2a73454455a392b5210e3ff43de85
-
SHA512
557b2df4652f58955a7740458c4fd317c4f695bd198aaa0ac83f7d191998d706ebe21c07d8d390f8ba02eac8856452dc2daa9bcf0ef31d547e1151da1f3d710b
-
SSDEEP
1536:tGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xildYXY9YgddT/Ephoj18sov8sCA7:zrfrzOH98ipg+ebJ
Behavioral task
behavioral1
Sample
010fa6c5af19b41e7683df7912b7d2d7_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
010fa6c5af19b41e7683df7912b7d2d7_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
-
-
Target
010fa6c5af19b41e7683df7912b7d2d7_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-