General
Target
0114bd6e1b10e3ec3d7e592373297688_JaffaCakes118
Size
210KB
Sample
240426-sw8dbaee29
MD5
0114bd6e1b10e3ec3d7e592373297688
SHA1
416b2932f0cef42160953445342fac5eb62deb58
SHA256
cc422106d6dd2c41a70e946a117c310587b1beb090c9366c0122801bdbf0ab0a
SHA512
4237a058d8ee1d416c0c443962cdeac73ef8e659d1f927923d6574298faf2efc0161ac9685db75b4e90877735eba6dcfc302ad75bc99387ea6f76c25c838e750
SSDEEP
3072:0P22TWTogk079THcpOu5UZSN5kmcB/YNYyg8:E/TX07hHcJQYe01R
Behavioral task
behavioral1
Sample
0114bd6e1b10e3ec3d7e592373297688_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0114bd6e1b10e3ec3d7e592373297688_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
Target
0114bd6e1b10e3ec3d7e592373297688_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Drops file in System32 directory