General
Target
64c0443c20726159d0fd6c4cc91daab6_JaffaCakes118
Size
44KB
Sample
240521-zstt3sac67
MD5
64c0443c20726159d0fd6c4cc91daab6
SHA1
39c7a179b61896b7cd056eb206ce4a6aa18abb7b
SHA256
aec61fa097846f21b4be61f9fcf55e99b1f06fde331135b50da1fef2c7332d18
SHA512
18c6574621ffc5eb6167a54a1388595af3ab63b4be2521187e0939a9c8400e69aa477b477d29f35aa3304e6116e3bc2d4024cc87c059a6176c9a409789c94b64
SSDEEP
384:wVU8iSUR/8dAqqNLi08krJuHzQjbuMZZzkExygcPEdEsKhb2YOPygdP0jzNta:l/qtaLiEbbZZ19yhEd6yPJJk
Behavioral task
behavioral1
Sample
64c0443c20726159d0fd6c4cc91daab6_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
64c0443c20726159d0fd6c4cc91daab6_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://54.244.182.87:80
Targets
Target
64c0443c20726159d0fd6c4cc91daab6_JaffaCakes118
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory