General
-
Target
52c84a69e2cd72e084959c2d40de0368_JaffaCakes118
-
Size
221KB
-
Sample
240518-dnhelahd5t
-
MD5
52c84a69e2cd72e084959c2d40de0368
-
SHA1
7587eacfa4ade77e4edd34f69969c873b9631a75
-
SHA256
009cb1f25f52bbb9acc3d8d5bbe8c6c13aade01181c554c8fcdfbd0c3b004ef7
-
SHA512
0ec23a200e4665277349f58617a5b3f33628920d365c04e41efb26c6d295852d9402ed4907b49bb466f37d96f80156959491a6f621a7810123ed5415fea0e9c7
-
SSDEEP
3072:AdgaE5eDjYzqJrz+9fMK+vEvNEKgsnc7xSqIOTViwkmqEfOEHj:Ad9DjSqF+KK+cvNHJnQxH9Mmtfrj
Behavioral task
behavioral1
Sample
52c84a69e2cd72e084959c2d40de0368_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
52c84a69e2cd72e084959c2d40de0368_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://amor.official.pw/f3sqVF/
http://t-p-e.net/M8uZOL/
http://www.erzotech.eu/esimB50/
http://csaregiment.pl/2Sms/
Targets
-
-
Target
52c84a69e2cd72e084959c2d40de0368_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-