General
-
Target
28d038b8af4c15606af45f46288044ab_JaffaCakes118
-
Size
136KB
-
Sample
240509-hq759afa7v
-
MD5
28d038b8af4c15606af45f46288044ab
-
SHA1
ec2f0e61f236865b5ea16aa610775ff5bebbaec5
-
SHA256
6273492f7425010ac115b511226334f85378b15d21cf49e27e8ab35503a55adf
-
SHA512
640afe19a0240b953e500d200464f58819638310bad31dcf3ca80e70c565ff7e9da6636557a09350ead017a7843ba58d7b4ba130b46f46f51eb5983dd6ebedcb
-
SSDEEP
3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8q0PNt4LQRnfgsbBU:a77HUUUUUUUUUUUUUUUUUUUT52VZSLQa
Static task
static1
Behavioral task
behavioral1
Sample
28d038b8af4c15606af45f46288044ab_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
28d038b8af4c15606af45f46288044ab_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://drmarins.com/engl/pCAdOLWLJ/
http://hybridbusinesssolutions.com.au/cgi-bin/t6ye0j_wyhf4yw-2/
http://durakbufecengelkoy.com/wp-includes/GrIBQTnoO/
http://performancevitality.net/partner/rq2totv_bryhdqjc2-17320/
http://tnrkentonode.com/wp-admin/vxaljneq_f9vcwvsz03-015845519/
Targets
-
-
Target
28d038b8af4c15606af45f46288044ab_JaffaCakes118
-
Size
136KB
-
MD5
28d038b8af4c15606af45f46288044ab
-
SHA1
ec2f0e61f236865b5ea16aa610775ff5bebbaec5
-
SHA256
6273492f7425010ac115b511226334f85378b15d21cf49e27e8ab35503a55adf
-
SHA512
640afe19a0240b953e500d200464f58819638310bad31dcf3ca80e70c565ff7e9da6636557a09350ead017a7843ba58d7b4ba130b46f46f51eb5983dd6ebedcb
-
SSDEEP
3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8q0PNt4LQRnfgsbBU:a77HUUUUUUUUUUUUUUUUUUUT52VZSLQa
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-