General
Target: 02af40dabd11d5da64f86c23abccc8be_JaffaCakes118
Size: 232KB
Sample: 240427-hvsw5aeb4t
MD5: 02af40dabd11d5da64f86c23abccc8be
SHA1: b6979af622150d5fc1903c97598534542de5798d
SHA256: 35d64e2069f309ea21d5da7ad5f114c17783e14eb7c28bfcb9b9c88d41fc7992
SHA512: ff7c8fdc6564b7c3dede75e774d2475ae89112e567512338da84cb50e12d6cfff4ad4965b74e01ee8b9c6bca5b42e671ad7df671a473c7d5fb61eb6478b2fa09
SSDEEP: 3072:7j6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkgkVXfKl6wsRp:7HgtEWPsL/aTyT9GkgklfKl6wsD
Behavioral task: behavioral1
Sample: 02af40dabd11d5da64f86c23abccc8be_JaffaCakes118.doc
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 02af40dabd11d5da64f86c23abccc8be_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory