General
-
Target
68ef722404e4af112ba46eda232674ea_JaffaCakes118
-
Size
124KB
-
Sample
240522-2zs78scc91
-
MD5
68ef722404e4af112ba46eda232674ea
-
SHA1
f224c26966a20721b7b76300f3f9d147e748784f
-
SHA256
75ab57c48671a3b9245db793c0d4d071e22171792a944406881cfd2ca304fb07
-
SHA512
409b91b92472ce8732830557a0b629dcb05f115b153e0a81e361310b8d34236583744297d5c118536a7ca44f6cda31195a7cb5a710fbe70b2d8b1461f1a1281a
-
SSDEEP
1536:0ptJlmrJpmxlRw99NBc+asZWKkWnAUWzhhlHJcXR8HaCzFMh:Ete2dw99fdWKn1WzlMR8H
Behavioral task
behavioral1
Sample
68ef722404e4af112ba46eda232674ea_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
68ef722404e4af112ba46eda232674ea_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://www.remcuahaiduong.com/YEem7E4l
http://www.xiegangdian.com/wordpress/LLC/US_us/vYGPH8F
http://idfutura.com/c44CB8ub
http://bedrijfsnaamborden.nl/4eBGMr8
http://www.jojocorpflorida.com/1g1avkTDu9
Targets
-
Target
68ef722404e4af112ba46eda232674ea_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-