General
-
Target
2e9496f1bd7907cee328c5e784c9bbeb_JaffaCakes118
-
Size
92KB
-
Sample
240510-l2gn8abf43
-
MD5
2e9496f1bd7907cee328c5e784c9bbeb
-
SHA1
47d5a2eafa82026ce50c1e6f907df12c75cda61e
-
SHA256
2574968952cc3183441222780dfea92185b40c11f72b9fcacfc0a450d1190dfd
-
SHA512
f75a1c6986a5bd04644736bbe80dc4e8de228fabe654d062d4964ac832ac51f8f73dbce17661df05b94b825a35029589b9ef26fd544dfa62c4e19e1c506cc241
-
SSDEEP
1536:FTxjwKZ09cB7y9ghN8+mQ90MT/+aRjHOY6X/cN:FxjnB29gb8onwPUN
Behavioral task
behavioral1
Sample
2e9496f1bd7907cee328c5e784c9bbeb_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2e9496f1bd7907cee328c5e784c9bbeb_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://kamin-sauna.com.ua/whVeJ8l
http://ekuvshinova.com/udfQrgHr
http://timlinger.com/rM
http://cm2.com.br/oS
http://dfinformatica.com.br/site/wp-includes/images/crystal/gT
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-