General
-
Target
580f0c6436b66bf1d241b60b377c3e48_JaffaCakes118
-
Size
105KB
-
Sample
240519-cnywxadc3v
-
MD5
580f0c6436b66bf1d241b60b377c3e48
-
SHA1
199ef855f5657e16b781e6ab7ce5b6adfbc0c9aa
-
SHA256
65df22d8324ac4ec988abbc319b2dcbdbe7da062b2ad006dde21270c8ba11c46
-
SHA512
aa15696dfd9dcb1bcc65ba4014925f5b8d438930a88594021ce8ecd5d2307b3becf69975a1e8e147b29f1f93b5c49157a3ad42251c3df647ad443ff71cd5e286
-
SSDEEP
3072:IMIqkaybokSjZTZjU+0cK05KlwMZ5jtG4zL:IMHVyb3CZ535KnpG4zL
Behavioral task
behavioral1
Sample
XY-7751895.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
XY-7751895.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://rickzandvoort.nl/iAsylSE/
http://littlepicture.de/fjsN/
http://di2media.nl/downloader/G4h8/
http://getzendiner.com/kB3RzYg/
Targets
Target
XY-7751895
-
Size
194KB
-
MD5
4f09e96c4b23820b6d3dfdd2381b8a1e
-
SHA1
c18e1141e40e6561b8b13a9c59f9afb480f190c1
-
SHA256
ea036a4e07795cc164463e195031d10c130a6ee7176aee37002890c913c1f5dc
-
SHA512
d0f4a87010534fa38523ad1f82ca54cfeacaf07f292d1d1b2c90f5b6197b3f1199414153c80056fead62c3511ff385786415d8384028219f6ba385e2c877c144
-
SSDEEP
3072:gNYW/Ok6ZOZykI27dRbiJp9XOTXp3naXCLeTWk15YeZc721h:a2k6ZOZt7dRbi8TXp3uCyTZ/pZc721h
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-