General
-
Target
52e42512e5ee3502948669046e904fd2_JaffaCakes118
-
Size
80KB
-
Sample
240518-eblrxsae7x
-
MD5
52e42512e5ee3502948669046e904fd2
-
SHA1
5b9e971cbd3b4eb4e541a3da1f4bea51c2c86aa5
-
SHA256
fed4bfe887b4db55db0fffc5f2d6dd8b8a0204c019ca27fbe496aa73c20b97ca
-
SHA512
e7c2812d1a22b0159669d408cd8718fe78fef879f71babfa4f760024b84e065570417470095a8476c8b002c4c7e82f77969984fce5ae08e808e7b9a0336f5910
-
SSDEEP
1536:xptJlmrJpmxlRw99NBL+aLaPkEaaXQiFKLd:vte2dw99fmkBaXQi
Behavioral task
behavioral1
Sample
52e42512e5ee3502948669046e904fd2_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
52e42512e5ee3502948669046e904fd2_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
-
-
Target
52e42512e5ee3502948669046e904fd2_JaffaCakes118
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-