General
Target: 027f4f23560db81d2840e96de3be4390_JaffaCakes118
Size: 152KB
Sample: 240427-ft7msace7y
MD5: 027f4f23560db81d2840e96de3be4390
SHA1: f948084cbd42640ec8eb8215d83a0dbb0c0eea74
SHA256: d0dcbde5aede4521f1d0489d388b91bd821e1974f6638e733c3666be52be48c2
SHA512: cc4afca29d0bae8ac88af8e1b5d6c1a2f47c6f8a5ecb4dc4a33b60ba13f77fefd9a1b3f6a09d5f219abf37b9ac9a7275a78d9f29b00b1a69e9df629526febd1f
SSDEEP: 1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9urqYzE4gLPPxzwP:irfrzOH98ipgUqYzE4mxzwP
Behavioral task: behavioral1
Sample: 027f4f23560db81d2840e96de3be4390_JaffaCakes118.doc
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 027f4f23560db81d2840e96de3be4390_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted URLs:
http://www.gozowindmill.com/meteo/97/
http://www.greaudstudio.com/docs/Z/
https://b176f.cn/wp-admin/1/
https://blog.socialpill.in/jdzetd/fZuInax/
http://maisshake.com.br/wp-includes/dPmzV1/
http://mesdelicesitaliens.fr/wp-admin/tSlCBpP/
http://grndl.com/oinj/j4/
Targets
Target: 027f4f23560db81d2840e96de3be4390_JaffaCakes118
Size: 152KB
MD5: 027f4f23560db81d2840e96de3be4390
SHA1: f948084cbd42640ec8eb8215d83a0dbb0c0eea74
SHA256: d0dcbde5aede4521f1d0489d388b91bd821e1974f6638e733c3666be52be48c2
SHA512: cc4afca29d0bae8ac88af8e1b5d6c1a2f47c6f8a5ecb4dc4a33b60ba13f77fefd9a1b3f6a09d5f219abf37b9ac9a7275a78d9f29b00b1a69e9df629526febd1f
SSDEEP: 1536:sgtIgPgtIgxrdi1Ir77zOH98Wj2gpngR+a9urqYzE4gLPPxzwP:irfrzOH98ipgUqYzE4mxzwP
Score: 10/10

Signatures:
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory