General
-
Target
569a929463dc75c80783d9cb93bca78c_JaffaCakes118
-
Size
259KB
-
Sample
240518-y4zzssdf6x
-
MD5
569a929463dc75c80783d9cb93bca78c
-
SHA1
bb8acd3c4f240e3e751fc02b81446fd4b65ba068
-
SHA256
8c2ca0ed9fe9a6a4232f12a27907594486e7bb5f9c6a649f7ff715bb19830ace
-
SHA512
1d89e8554e9848c129dd6e0195b8b222f897cd269cd00c81913feba654f0be3dcc0fb17e66d172ca7703eacf467c72a53ae7c09e78c14ae00d456bf5a565ca1e
-
SSDEEP
6144:XHsclEYbxSsQOo3cu/FA5Z/bW01tSy9we:XN+YbxCR3cMFALqh
Behavioral task
behavioral1
Sample
569a929463dc75c80783d9cb93bca78c_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
569a929463dc75c80783d9cb93bca78c_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://217.182.231.43/lodpos.php
http://d792jssk19usnskdxnsw.com/MXE/lodpos.php?l=yows2.xt2
Targets
Target
569a929463dc75c80783d9cb93bca78c_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-