General
-
Target
484719270dca5b2e2c14063435b59d0f_JaffaCakes118
-
Size
110KB
-
Sample
240515-15yjgaef8v
-
MD5
484719270dca5b2e2c14063435b59d0f
-
SHA1
4ba82eed3efbdf1fa2674d625df593cd88d0b452
-
SHA256
6a773a62f398ff48ddfb62bc662bcec5106b3c02f2aa742b80d12a0d37cb04e6
-
SHA512
da2aeda10faf5e7964ea8f290fc005bc87e8a3618373ae711018f7150bc9488d43a8d4e130375ffe1b2b6aae111f0028b77c7e53224cf712b5d056417874df7f
-
SSDEEP
1536:KzIkXkfsRNwX0A8K+agil7EB4m3TxX8V:dkhwX+0dEOMX8V
Behavioral task
behavioral1
Sample
484719270dca5b2e2c14063435b59d0f_JaffaCakes118.msg
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
484719270dca5b2e2c14063435b59d0f_JaffaCakes118.msg
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Payroll Report.doc
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Payroll Report.doc
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
Payroll Report.pdf
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Payroll Report.pdf
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
484719270dca5b2e2c14063435b59d0f_JaffaCakes118
-
Size
110KB
-
MD5
484719270dca5b2e2c14063435b59d0f
-
SHA1
4ba82eed3efbdf1fa2674d625df593cd88d0b452
-
SHA256
6a773a62f398ff48ddfb62bc662bcec5106b3c02f2aa742b80d12a0d37cb04e6
-
SHA512
da2aeda10faf5e7964ea8f290fc005bc87e8a3618373ae711018f7150bc9488d43a8d4e130375ffe1b2b6aae111f0028b77c7e53224cf712b5d056417874df7f
-
SSDEEP
1536:KzIkXkfsRNwX0A8K+agil7EB4m3TxX8V:dkhwX+0dEOMX8V
Score 5/10
Drops file in System32 directory
Target
Payroll Report.doc
-
Size
84KB
-
MD5
bb1c3c4c38c803e3f12c446334ccb131
-
SHA1
d549a46a8f252e2396c300faab643041294ec9f0
-
SHA256
30df69feade4ca930c04d3321ba028f7a69e5f60e2b1a3cce05eac288799bd42
-
SHA512
7f2ce1cce36ec7bae36aab3352dd2ca507a0762bd63472f23f0b40ec3ac87701380f8f017205c82013beb96d9ee1603bff328a8934acc12f4bc8ec5db06c64fd
-
SSDEEP
768:wkfsR34+NaX1ucR3MK+1ogtqFTa3g1BS64XLU8vL1VzK9N5C6m3TxX8V:wkfsRNwX0A8K+agil7EB4m3TxX8V
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
Target
Payroll Report.pdf
-
Size
3KB
-
MD5
c7055cb09c9dd62f4a75c16bbfd352bb
-
SHA1
5e06e90a66514623cb770a4ef3a5a442b0c55509
-
SHA256
f049e45be8ad402769341122103dd087f7b3801469e5bc6f5e1521e938e12c55
-
SHA512
e99784ca929b29b790beed1e7dbf5c20036b7aee929f86216aabeb622e0024508f963c70a4b7531a2b5ad4ef2a958cf912a71b4ee2af4cb73b22972357d4ca58
Score 1/10