General

Target: 0328d3b071688ec4a2859234f09a0fa2_JaffaCakes118
Size: 199KB
Sample: 240427-npafgshe99
MD5: 0328d3b071688ec4a2859234f09a0fa2
SHA1: 2744c938d41e20e87b0de00dfefa4313e8a61ffe
SHA256: 06312595c314eb6f890b8e7a5111dafd625ce21c4e6ba6094d446924895e2a1a
SHA512: f7cbfbbad1bd741e2407e1ebc39ab1048ee99cd457b1c357f1fca69daf9ab2b0c667dabde4771a407961baefacae89d98517af44ed74da39e44503fc512b784e
SSDEEP: 3072:Vqg22TWTogk079THcpOu5UZXpfRvAKpXRT:d/TX07hHcJQdhT

Behavioral task: behavioral1
Sample: 0328d3b071688ec4a2859234f09a0fa2_JaffaCakes118.doc
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 0328d3b071688ec4a2859234f09a0fa2_JaffaCakes118.doc
Resource: win10v2004-20240419-en

Malware Config
Extracted
Targets
Target: 0328d3b071688ec4a2859234f09a0fa2_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Drops file in System32 directory