General
- Target: 3e99730c608288d9f8bd5b449f7b569d_JaffaCakes118
- Size: 842KB
- Sample: 240513-kh38faee8v
- MD5: 3e99730c608288d9f8bd5b449f7b569d
- SHA1: e4f9448e0736ecef7d3d32e46b273a6e06298031
- SHA256: 8ff83f63f6948a0c8cbdd22b968013bd24f4ef16a88077cf24753ddb0e3d71e7
- SHA512: 18fa7afbdae95b683ae65df719eb7382441aec9f9c3eab52ab3419d86eb39b56bdc88861f4767a5fb5fe30720682c7fd604681daf02a92f18eb34af00be80184
- SSDEEP: 12288:wn+WhWEyIu3Olcw4fqUGRCpWC9dGNdmTa+WtYthYxwNTqU2AZffUplcw4GZ:wnIRIllchfqUGRC39sNdmXDNeU2rlchK
Static task: static1
Behavioral task: behavioral1
- Sample: 3e99730c608288d9f8bd5b449f7b569d_JaffaCakes118.rtf
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 3e99730c608288d9f8bd5b449f7b569d_JaffaCakes118.rtf
- Resource: win10v2004-20240426-en
Malware Config
Extracted
formbook
3.8
ch56
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext