General
Target: 4b290e4a9c72a8ccb01a945a516d06e8_JaffaCakes118
Size: 134KB
Sample: 240516-p3nqpsea37
MD5: 4b290e4a9c72a8ccb01a945a516d06e8
SHA1: 459ec7d526faf4138ee50a0899c8f385e9df037c
SHA256: d07bbf9636c223b83dfe333c0428b41b909c19321e5f208bb805a2869cb358d5
SHA512: 17d3bd4060dd8b5f1b57f9cf03741cdfb443e8226cdfbffff32059d3ae8c74a6556ed20658776fc2aef6df8eece7fab1334e7bfeafc1bea0d0579fb65b0ada09
SSDEEP: 3072:FkGBPFJjA948rgSPj/5hyxXO+FMv3V1BUo62Yzs3oFAYxPxTqf7p1ftmZS:FkGBPFJjA94Vkj+xh+vTCoAs3oRPxTqc
Behavioral task: behavioral1
Sample: 4b290e4a9c72a8ccb01a945a516d06e8_JaffaCakes118.doc
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 4b290e4a9c72a8ccb01a945a516d06e8_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
https://www.studiomovil.com.mx/wp-content/erRpJAmInz/
http://krzewy-przemysl.pl/wp-includes/yf1etsmsp_esqjtujn-589/
http://laalpina.cl/sisi/cncXoJaqj/
http://aysotogaziantep.com/wp-content/DSovUnSbnf/
http://www.noshnow.co.uk/ybzew/wMaxwSMC/
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory