General
-
Target
03206d6d1361e5c95db9a0715b1a56d8_JaffaCakes118
-
Size
214KB
-
Sample
240427-nbjr1ahc72
-
MD5
03206d6d1361e5c95db9a0715b1a56d8
-
SHA1
73bdefab7414a9594a3bb430028afb7854a681e8
-
SHA256
9de3bc7c39ba2edd50b190c48781010f46b42995ca0c5ae7be8b8c0fbb181ec4
-
SHA512
73118b73d9b96eecd00d4ed78d04233f5d69712ce42ab8686553b7f351d3bfdc1fb59ba5540c3d7ab0a01065a3a8cfc96755d4c5f53ec0c6b3e960c613838bcf
-
SSDEEP
1536:2B445TEgrO3jSWAg83tle1ZZ0293QM0eetR2cOupLB5UZ55+a9hkLShGkVAelnXv:222TWTogk079THcpOu5UZ0WhGMlnrb
Behavioral task
behavioral1
Sample
03206d6d1361e5c95db9a0715b1a56d8_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
03206d6d1361e5c95db9a0715b1a56d8_JaffaCakes118.doc
Resource
win10v2004-20240419-en
Malware Config
Extracted
Targets
-
-
Target
03206d6d1361e5c95db9a0715b1a56d8_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in System32 directory
-