General
-
Target
54efa3a21c4500a6f2bd0039615e2875_JaffaCakes118
-
Size
93KB
-
Sample
240518-qpxbcsde61
-
MD5
54efa3a21c4500a6f2bd0039615e2875
-
SHA1
93fea75d5c2073ae56df6cd128240a9762f57200
-
SHA256
0dbd38d7502e2fc3e11651495fe95b40e6f6590e93784831950fa24477728c68
-
SHA512
d66d0ad0f62a33b810a964ebbd81ebf8a571f1e1427d2cff366abe51128d965a4fafcbca1127569d08a32647bf14fceb09a16409836cb61dc34c6ae51f63312a
-
SSDEEP
1536:kptJlmrJpmxlRw99NB4w+dB9uoiUCnX64JrTEGmu74:Ute2dw99fjzNEXj
Behavioral task
behavioral1
Sample
54efa3a21c4500a6f2bd0039615e2875_JaffaCakes118.doc
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
54efa3a21c4500a6f2bd0039615e2875_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://29uwuwousuw8wuwyuwie.com/MXE/lodpos.php?l=yows1.xt2
Targets
-
-
Target
54efa3a21c4500a6f2bd0039615e2875_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-