General
Target: 6319ead80cd82034068a46661502d43b_JaffaCakes118
Size: 165KB
Sample: 240521-nds4fsbe98
MD5: 6319ead80cd82034068a46661502d43b
SHA1: 0bbdbcd04f008a7414fd0aeeee851f637dbc7388
SHA256: 4c18105194296546d95c34b35ebfb1447c31d838f8ef957143ed25e40ddb5d83
SHA512: e0454dd31a2e6749d653ee0c20d17113a81e878f96595e30600d7477cffed5fac4215160441ebf7b53739251c7333fcf052e8b2209b3b69fc219a921ede8e1fd
SSDEEP: 3072:zte2dw99fDZzdaTTOoaQNff6OW4PBOEM2bvDhXpV6u:BHdw7WTCoaQNJOabv9XpV6u
Behavioral task: behavioral1
Sample: 6319ead80cd82034068a46661502d43b_JaffaCakes118.doc
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 6319ead80cd82034068a46661502d43b_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
http://emporioflorianopolis.com.br/multimedia/AH3dB5Y2h
http://www.xianjiaopi.com/DTWn8HR6e
http://ufindit.com.au/yO47HFVs
http://www.lidersahtebalik.com.tr/44v1qfZIhA
http://wpcouponsite.com/dttLyRtF
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request