General
Target: 652fb562e9a2cf3eea8ce882d85a8d1c_JaffaCakes118
Size: 117KB
Sample: 240521-3g3vdsdf43
MD5: 652fb562e9a2cf3eea8ce882d85a8d1c
SHA1: 7343a2a6eb7c0faa3d9d38883fc418929872a273
SHA256: 01479d5412d3c696d16ffa6b01f6a3378995229ccd14a55c15e4c642401ebd0d
SHA512: 66803778d6173454c73eb8827d0cc041847ed90843d2307a38858c5552636bc5eb4e5bb8d91488571810373afe1be735c985ffd118409261d5b5a15d91282a16
SSDEEP: 1536:sptJlmrJpmxlRw99NB7+aPoFkrUrjJbg7uy3ALv6Y95DYH8:ste2dw99fArSvALv1mc
Behavioral task: behavioral1
Sample: 652fb562e9a2cf3eea8ce882d85a8d1c_JaffaCakes118.doc
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 652fb562e9a2cf3eea8ce882d85a8d1c_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
http://www.willbcn.com/1Z
http://atnea.org/YONh
http://cosmoservicios.cl/lR0HYK
http://zshongfeng168.com/aOK
http://odessacard.com/wp-content/uploads/Pq0KLFkL
Targets
Target: 652fb562e9a2cf3eea8ce882d85a8d1c_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.