General
-
Target
56934634a32985c597e2ae614d55d190_JaffaCakes118
-
Size
68KB
-
Sample
240518-yzhvqadc8x
-
MD5
56934634a32985c597e2ae614d55d190
-
SHA1
abc518e027b0f1d3735be583a06f8f376afceed6
-
SHA256
dafe595d8dc3cf275a9d6bea2e5151d40480a2d4b0e6c020b8065fe1a7972c80
-
SHA512
4efd15c46a470220418a60936a97991dabeaa73331a0e5a18050af62582324376cff62c548fdfa2f72a4593be2aa1daacb3a45d61c565122c6335d6dada45af5
-
SSDEEP
768:upJcaUitGAlmrJpmxlzC+w99NBE+1o/BqbMmBktlFAO2vxwpp:uptJlmrJpmxlRw99NBE+a/SknF
Behavioral task
behavioral1
Sample
56934634a32985c597e2ae614d55d190_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
56934634a32985c597e2ae614d55d190_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://mooremakeup.com/k
http://crossroadstamp.com/0
http://ntsuporte.com.br/kl5
http://oooka.biz/RaQOFhRM
http://parusalon.ru/idb
Targets
-
-
Target
56934634a32985c597e2ae614d55d190_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-