General
Target: 5681907763cea067e8a1d9fdb3224bce_JaffaCakes118
Size: 64KB
Sample: 240518-yl534ada78
MD5: 5681907763cea067e8a1d9fdb3224bce
SHA1: 8af34f39fa30568f5e0c28a82273ad38db6cc982
SHA256: d791714bf515d2e6f3e709375cfe56171589f4359614487485836a9a23bb3da0
SHA512: ed0d2407c4a753d6d65f08e3c7e4cbb2469d512fcb5be03956f674961d6c813f93722dde012009acd225563320d56ab50789af4a6421899eb4b3ce8469594c31
SSDEEP: 1536:WptJlmrJpmxlRw99NBz+aznMJD1R0PGrd:ate2dw99fbMJJRSGrd
Behavioral task: behavioral1
Sample: 5681907763cea067e8a1d9fdb3224bce_JaffaCakes118.doc
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 5681907763cea067e8a1d9fdb3224bce_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
http://newspectivenewage.com/wOkHIv
http://notehashtom.ir/q7Zj
http://campwoodlands.ca/zR
http://atmah.org/cK
http://anturium-design.ru/Mgd6m2
Targets
Target: 5681907763cea067e8a1d9fdb3224bce_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.