General
-
Target
645d21a8e9046506e6f030f860a91510_JaffaCakes118
-
Size
203KB
-
Sample
240521-xe2awsef44
-
MD5
645d21a8e9046506e6f030f860a91510
-
SHA1
c450ffb550d98776513912bbde01f55dd95d7173
-
SHA256
0ce9c996ddfbc5a2982a748de79cf7bdfd2f741635c5c9b64ce91ff8af564833
-
SHA512
ffbce0ab28e47aeb9bbc1918da02e1e7d5115895a1747426c54e99c62d2cd14cf77fea553cfb6f014343cb3636ce61635b4ec9c9dfafb890079d4fd0ef0919f9
-
SSDEEP
3072:Rte2dw99fVDm6ZlBb6hbXzseu2EJXT6PxbYznmFRw2NWl5eZ5Y9XhsYPQ/rKd6jB:bHdw7FLUJsKEVKYu9LCnY
Behavioral task
behavioral1
Sample
645d21a8e9046506e6f030f860a91510_JaffaCakes118.doc
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
645d21a8e9046506e6f030f860a91510_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://bangkoktailor.biz/oLnXvdhAQR
http://shvidenko.ru/c33nwsg
http://apicecon.com.br/t2gwhvHx
http://bartesol.org/cT5kG0TvXm
http://hitratesolutions.org/JDlahHJgy
Targets
-
Target
645d21a8e9046506e6f030f860a91510_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-