General
Target: 021aee7b57d635b674117d8c29d6f657_JaffaCakes118
Size: 171KB
Sample: 240427-bws5ysgb78
MD5: 021aee7b57d635b674117d8c29d6f657
SHA1: 39a18ef54895b363fcf1ee6b798ee135d8dead5f
SHA256: babaf8e764b3bc4f5fef74de7d819fa533ebf675d69174df27c5e0ae20174eca
SHA512: 256e65379ae3e2ea9f98d1eb777236148a43a318360c39e62ed5a9582b1e9fde9cd706694f76246b171fac6f1599a6135ee194eb772fccb1540345189fd9581d
SSDEEP: 1536:AGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP340Vzy7dUWqHe43d9T96aEH5ic:yrfrzOH98ipg9PLQlq/X
Behavioral task: behavioral1
Sample: 021aee7b57d635b674117d8c29d6f657_JaffaCakes118.doc
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 021aee7b57d635b674117d8c29d6f657_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory