General
Target
54311c77bf34c7cabfb8db1eb9fc8656_JaffaCakes118
Size
81KB
Sample
240518-l2d84aed36
MD5
54311c77bf34c7cabfb8db1eb9fc8656
SHA1
611267ff2275d53bedfae15ff69561d0e1a319a1
SHA256
51a0668ec04b51d7d72a06d9ff811c2ff3d2e03a05f7e126753861e54cb1cf5c
SHA512
4e3a0e39e00e1b8aa58f6d0048e7e3c7dee0a456b26ce24b312964e932b5181622b9ddfdd94c36327ea318cb698331d00ad3386e70774025f71b30cc41728c77
SSDEEP
1536:lptJlmrJpmxlRw99NBD/t+alqtmm+Z/tiwp613rvDaHwwle:bte2dw99fD/LqtmlVp6laT
Behavioral task
behavioral1
Sample
54311c77bf34c7cabfb8db1eb9fc8656_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
54311c77bf34c7cabfb8db1eb9fc8656_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://miafashionropadeportiva.com/y
http://terabuild.sevencolours.eu/4bc2kL
http://oztax-homepage.tonishdev.com/Lg4
http://vioprotection.com.co/u
http://test.helos.no/6GZ24w1
Targets
Target
54311c77bf34c7cabfb8db1eb9fc8656_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.