General
Target: 5363d121f8a11e509b99ce2734c313a2_JaffaCakes118
Size: 78KB
Sample: 240518-hapc7sga24
MD5: 5363d121f8a11e509b99ce2734c313a2
SHA1: 7710969f61d0f501dddeb143c42d0b6df3198a0e
SHA256: cf187c7e1b979a14bbea861c7521838c0108c65c0f82465c0a30cddf16f4bea6
SHA512: 3831de3b76fa0244782d512087c6caa3e562786fbfcfcce55f9fe51677939ce720c8f3f709aebd7b6db019cb5d9c153a3c24635b5541c7ed1963357d0164de36
SSDEEP: 1536:SptJlmrJpmxlRw99NBk+aHyU4rTDUdUNAMeWT:Ote2dw99fq4r3UdqAMe
Behavioral task: behavioral1
Sample: 5363d121f8a11e509b99ce2734c313a2_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 5363d121f8a11e509b99ce2734c313a2_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
http://blog.bctianfu.cn/4
http://mail.vcacademy.lk/5nLo
http://lamemoria.in/2ib2Pt
http://tropicalislandrealtyofflorida.com/NNqM7W
http://businessarbitr.ru/E
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.