General
-
Target
03028f56a04c34a9d6b3a5713f9d14c1_JaffaCakes118
-
Size
233KB
-
Sample
240427-l5wbsagh8x
-
MD5
03028f56a04c34a9d6b3a5713f9d14c1
-
SHA1
014bd96c260ec62e905574d29fb7da6603a52ab2
-
SHA256
b2ba5a5b7b05458b31c721e5e504a21d56a7c87fc110173fec0e753e8d35b09e
-
SHA512
9e23081eefc8af307d18885ec92d2e37deb5c3b03f7ae10de9b7ed44a010d2e20dd1bcf0c91a8f1a2d304f96c53d35be2d493bb3f2fbc239414aef5bfad583ed
-
SSDEEP
3072:wj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkUUz/qybwsqo:wHgtEWPsL/aTyT9GkU4Lwsqo
Behavioral task
behavioral1
Sample
03028f56a04c34a9d6b3a5713f9d14c1_JaffaCakes118.doc
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
03028f56a04c34a9d6b3a5713f9d14c1_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
http://muliarental.com/f9u8w-mrs-88/VWVA/
https://dev.dosily.in/wp-content/qyY/
http://behnasan.com/wp-content/uZRqx/
http://www.leframe.com/zcMv/tATDYnJy/
http://runderfulthailand.com/jkats/LvJDvtg8270/
Targets
-
-
Target
03028f56a04c34a9d6b3a5713f9d14c1_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-