General
-
Target
013156bc1d27648053e5b957928d6650_JaffaCakes118
-
Size
152KB
-
Sample
240426-t2brzaff34
-
MD5
013156bc1d27648053e5b957928d6650
-
SHA1
840cad388e95fee2dc7915c19d60233f24bb7952
-
SHA256
a0317339838e6999848a008692eb356adc893034fca1c323524533514cff15ec
-
SHA512
71acbe6a5f0883e06bfba0459e9f0764420bdcbfc4a010bc9766848048cc875431867a308c4c7231c40992f873bc9b6ac413d382297b1c0d3c63319eabf0b90e
-
SSDEEP
1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9KrqYzE4gLyPxzw3:irfrzOH98ipgoqYzE4rxzw3
Behavioral task
behavioral1
Sample
013156bc1d27648053e5b957928d6650_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
013156bc1d27648053e5b957928d6650_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
http://www.gozowindmill.com/meteo/97/
http://www.greaudstudio.com/docs/Z/
https://b176f.cn/wp-admin/1/
https://blog.socialpill.in/jdzetd/fZuInax/
http://maisshake.com.br/wp-includes/dPmzV1/
http://mesdelicesitaliens.fr/wp-admin/tSlCBpP/
http://grndl.com/oinj/j4/
Targets
-
-
Target
013156bc1d27648053e5b957928d6650_JaffaCakes118
-
Size
152KB
-
MD5
013156bc1d27648053e5b957928d6650
-
SHA1
840cad388e95fee2dc7915c19d60233f24bb7952
-
SHA256
a0317339838e6999848a008692eb356adc893034fca1c323524533514cff15ec
-
SHA512
71acbe6a5f0883e06bfba0459e9f0764420bdcbfc4a010bc9766848048cc875431867a308c4c7231c40992f873bc9b6ac413d382297b1c0d3c63319eabf0b90e
-
SSDEEP
1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9KrqYzE4gLyPxzw3:irfrzOH98ipgoqYzE4rxzw3
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-