General
-
Target
5037ff6b709db5b24239f90256b800b4_JaffaCakes118
-
Size
155KB
-
Sample
240517-s1dphaed23
-
MD5
5037ff6b709db5b24239f90256b800b4
-
SHA1
5315d99f5f0552777c3a16a6ab5fdc455f86ddbb
-
SHA256
afd6940f7201824355e52ff193f809f8ab9aad69a1e86b1b3ded184726096065
-
SHA512
02553a8d3343297a1bb6c59ca4801fea0d4e01f9f6076e768053cf86e56fa804af9b230424b60783bce1c072c3874d6ff9dfd1f6458b120266d0f6557b06e1ef
-
SSDEEP
3072:e4eOY5CTsdA93NbBEPzMziPmFdomccjCshT3mmC1YZQXfTaM7vtX:eTbsbiIziPmFdomXBV3mL1YZQXfvvtX
Behavioral task
behavioral1
Sample
5037ff6b709db5b24239f90256b800b4_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5037ff6b709db5b24239f90256b800b4_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://www.atuteb.com/wp-content/themes/xy/
http://darthgoat.com/files/vq2V/
http://mifida-myanmar.com/wp-includes/ishN/
http://ragnar.net/cgi-bin/lFGs9/
http://sama-woocommerce-application.com/demo/nxQtT/
Targets
-
Target
5037ff6b709db5b24239f90256b800b4_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-