General
Target: 568bbd57755c1f7069f20e580cb46fc8_JaffaCakes118
Size: 83KB
Sample: 240518-yt3ypsde38
MD5: 568bbd57755c1f7069f20e580cb46fc8
SHA1: 3907c8890f5bd79a4fb7ca33325d4dddcc90dbc0
SHA256: aedf07cd6d354738b087dfee116cbea4c07bb8b13faa82ad8eff925c553dcc5e
SHA512: dffed863dba7f72dcf3ed1f18c8092a3ccce5d38070f59a0c1064d5ece267b3d67deceb3816a02396eec39625d76675dcf90207935fff93e36a2aea42ad0db51
SSDEEP: 1536:KptJlmrJpmxlRw99NBT+aVA9EB70iz4lSfie:Wte2dw99fW9E
Behavioral task: behavioral1
Sample: 568bbd57755c1f7069f20e580cb46fc8_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 568bbd57755c1f7069f20e580cb46fc8_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
http://menricus.eu/jkJN9v1r
http://drclaudiadiez.com/6u
http://dolhun.pl/pub/q12K
http://bdhyman.com/pXH9xty
http://ahlihosting.com/NktXvPt
Targets
Target: 568bbd57755c1f7069f20e580cb46fc8_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.