General
Target
56ebe183ee8a2af468425878d7c58fe7_JaffaCakes118
Size
117KB
Sample
240518-1gy54ahe25
MD5
56ebe183ee8a2af468425878d7c58fe7
SHA1
a1bcc7569e56c28bdb2247a08087f6bdd17a37d3
SHA256
670b4cabc19e632907f7817268989bc392f432ac80526ec97345bc9b7a17e563
SHA512
82076175b16975fb9b3923b85e7fd135289f226f7284872a0ede87243b843053775cb0a911dcd4a7622931585b3c4760aafddfa3a14f35a08d41b1f08a7b27ff
SSDEEP
1536:SptJlmrJpmxlRw99NBC+aitrdIJCmF4yPOpixUgp/0aorGDlP3K3IcF4:Ote2dw99fBSJCjKOgr/BGA3qlF
Behavioral task
behavioral1
Sample
56ebe183ee8a2af468425878d7c58fe7_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
56ebe183ee8a2af468425878d7c58fe7_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://www.perfectdrivers.com/HQ3h1U5
http://www.haraldweinbrecht.com/t5
http://www.imankeyvani.ir/9
http://www.jbe.ro/K8beLbH
http://www.egepos.com/32K1Vw
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request