General
Target: 0f1827b72d05842dcb534459bc414d1c_JaffaCakes118
Size: 873KB
Sample: 240502-227hmsah54
MD5: 0f1827b72d05842dcb534459bc414d1c
SHA1: 71b62f60326c8d027af34a5c1f39ae2d7a325266
SHA256: 3e182b7a7af8f09fa8e9c6b371e056ec89a52aac9e6b0fafb8f9180aaae82d36
SHA512: 81439ecfc7e5234375de1e8ed6aaf09183a4003f11e744499ea79c5eb65d7c8e2abd05956294feac272b63276b3def372c2936ccb33ccd4d2472b4355d131d96
SSDEEP: 12288:SrQcsLtffft++++yrrFRRlerRRa/L/L/L/QKKgWlWlWldOzWebfjR0y+RoHbyvYR:SrZzPblv+R2ynbYB
Static task: static1
Behavioral task: behavioral1
  Sample: 0f1827b72d05842dcb534459bc414d1c_JaffaCakes118.rtf
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 0f1827b72d05842dcb534459bc414d1c_JaffaCakes118.rtf
  Resource: win10v2004-20240419-en
Malware Config
Extracted: formbook
Version: 3.9
Campaign: ma
Targets
Target: 0f1827b72d05842dcb534459bc414d1c_JaffaCakes118 (873KB; hashes identical to those listed under General)
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext