General
-
Target
631de240ea26fcf9807312ba12e69ede_JaffaCakes118
-
Size
79KB
-
Sample
240521-nhbpzabg56
-
MD5
631de240ea26fcf9807312ba12e69ede
-
SHA1
01a1f443d4303af08c8847a0169c8c1e6e51beec
-
SHA256
50c4e66b9f3cbbab3298dc9113b16e485c17feecf296cab4829607942e6b63d2
-
SHA512
4de5314931d534a3ea015a60fd06d3f1dcb5b7822f5db9e9eef26d40c813ab7a760b78241aa4eb6290e51c03e840f6de7a6d552ca7987f289797be9c6b0fba53
-
SSDEEP
768:jpJcaUitGAlmrJpmxlzC+w99NBc+1onPkfUzN9Jfmnn0+mEiIOf:jptJlmrJpmxlRw99NBc+an/NrOnnO7r
Behavioral task
behavioral1
Sample
631de240ea26fcf9807312ba12e69ede_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
631de240ea26fcf9807312ba12e69ede_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://optics-line.com/JA
http://ironspot.com/GAsC
http://montegrappa.com.pa/VzEQMY
http://kristianmarlow.com/6DHJZlP
http://carriedavenport.com/priv_stats/8h7XXDJW
Targets
-
-
Target
631de240ea26fcf9807312ba12e69ede_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-