General
Target: 6720c81dce3d22d0f2ae8d201274cd40_JaffaCakes118
Size: 127KB
Sample: 240522-nrvjfadb42
MD5: 6720c81dce3d22d0f2ae8d201274cd40
SHA1: 80f53bcce783510e252c355e1542c132ed65ee26
SHA256: a45d3b35611b3b583eead125932772f994245195979ed66acb0f18b4733a44c4
SHA512: 6e5f295082d6188d27f821cf8284c2a4281ca67897d914cafa91e49f9a8898e0b9c7302e810596dd1a460533e0c746bbca54a75a286a94a4b1bbf1a236bd5dbb
SSDEEP: 1536:6ptJlmrJpmxlRw99NBt+aa4nT43MxuFHU1Y5la81clutdi48tO:mte2dw99f3c34K5lH16uPpK
Behavioral task: behavioral1
Sample: 6720c81dce3d22d0f2ae8d201274cd40_JaffaCakes118.doc
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 6720c81dce3d22d0f2ae8d201274cd40_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
http://leadgagmedia.com/xysqgxCk
http://inexlogistic.com/wSZXfo75k
http://www.chillicothevets.com/2013/aX9vC46Ju
http://www.emrsesp.com/PxM8Hqxw4p
http://casinoonlinemaxbet.com/Ce03Fm8
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.