General
-
Target
0204bc31bfb095c08172f8800b614ea7_JaffaCakes118
-
Size
213KB
-
Sample
240427-ayngtagb91
-
MD5
0204bc31bfb095c08172f8800b614ea7
-
SHA1
3805b9508b960aba9593400677cfb8d5386a9694
-
SHA256
dc6d5bf94473dc7cce5b24aa5f7cf7025170743a43cd3d0c9831bb4b0673612a
-
SHA512
e1669a19e5ee55b73cd0c107f090d18d826112fbb0ad8a51f5aa9eae1e120367c4731fda25d6fbf9acc82e2a0a7e8379e3f52a5b79ea18c617b00439806add99
-
SSDEEP
3072:u22TWTogk079THcpOu5UZL0/6tJR6R+fo:u/TX07hHcJQHtT6RKo
Behavioral task
behavioral1
Sample
0204bc31bfb095c08172f8800b614ea7_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0204bc31bfb095c08172f8800b614ea7_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
Targets
Target
0204bc31bfb095c08172f8800b614ea7_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-