General
Target: 0123ef0e4840224ffc302a0201f9e305_JaffaCakes118
Size: 233KB
Sample: 240426-tfg2vsfh7s
MD5: 0123ef0e4840224ffc302a0201f9e305
SHA1: d6ff26d4b2e769c803985f5b6a9750879128b50c
SHA256: 90b9006b3beafe089d87e6ab22076f77e7b6056c7991c7580561ec5b9a69ab31
SHA512: 39edd0a6624e081cb83c0a654f65a99da873d7fc5b2930a7d0236d87ce8dc21a272ad143d66bcad229b2a208093af3df6b2eb2d80024ed355d48298f4a2b932f
SSDEEP: 3072:gEd93LpGo0aQLomHvsHCNERonfnCuNEQIk4/91v97:gEd2V0NCNEqf2QIfJ7
Behavioral task: behavioral1
Sample: 0123ef0e4840224ffc302a0201f9e305_JaffaCakes118.doc
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 0123ef0e4840224ffc302a0201f9e305_JaffaCakes118.doc
Resource: win10v2004-20240419-en
Malware Config
Extracted
Targets
Target: 0123ef0e4840224ffc302a0201f9e305_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory