General
Target: 6178dc6d2ae04bda0f998dbca1564824_JaffaCakes118
Size: 268KB
Sample: 240521-ax1qracd77
MD5: 6178dc6d2ae04bda0f998dbca1564824
SHA1: 55a31711c9849b8a72dc36e591734227707b7e79
SHA256: d7610008f1f0825a0d6e0eba01ac358d9f553c19db572c42622b2c2e520331a9
SHA512: bb663146795c30788becf3cc086fbe091aa93eb0e7e755a4669260dec501f0aea556b2cffef6edbfd0b14e384a4fc1b82128dcc533301dd6650b093480870f65
SSDEEP: 6144:dlHdw7fKygopeaLRcoWXTXx3E/tgDVtZ:dBazKyqaLRcTTX1E/0zZ
Behavioral task: behavioral1
Sample: 6178dc6d2ae04bda0f998dbca1564824_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 6178dc6d2ae04bda0f998dbca1564824_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.