General
-
Target
5076c1f719f8579daeef8a9c6c20a391JaffaCakes118.bin
-
Size
114KB
-
Sample
240517-3dmc8sge5v
-
MD5
5076c1f719f8579daeef8a9c6c20a391
-
SHA1
a494ca82011e12a9fa8b6cf5f6e63cbc9729483b
-
SHA256
2e650a98d1ec0c382a023e11ccb06d0b82624ab1549c5cf38d0e786e454f1d9b
-
SHA512
895df25fe9faee365273f8c535104f6ede7f64fd49c923d400c4e66dcbde54e930ad00b9c9f8d5850ab93fbd8b1b0e2c43cb08f3863431b9ef5c641bf4a02817
-
SSDEEP
1536:NptJlmrJpmxlRw99NB8+aXvV4UEXU0zqF1voveYhnpC:Tte2dw99fA5IzqFyew
Behavioral task
behavioral1
Sample
5076c1f719f8579daeef8a9c6c20a391JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5076c1f719f8579daeef8a9c6c20a391JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
5076c1f719f8579daeef8a9c6c20a391JaffaCakes118.bin
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-