General
-
Target
69ebf8825f865524df38bd5f9e751663_JaffaCakes118
-
Size
44KB
-
Sample
240523-ge83qsfe48
-
MD5
69ebf8825f865524df38bd5f9e751663
-
SHA1
ac492539a5a40330650bc06f3955b12e02705f22
-
SHA256
82ba7aafb5c198a58c3aa0bb7ce9ba02c22beed8380388db0c0efa56d0f3d175
-
SHA512
d1ffe87d8a65aa527877d06b74eecbe1f188d416f664e51881a6cb43e07605abeaabb400f0cb726fae9ab95ada6612663bd429204f8b5727903af653d6ac16bb
-
SSDEEP
384:wIj8iSUR/8dArqNLi08krLuHzQjbuMZZzkExygcPEdEsKhb2YOPygTP0jWdtf:v/qMaLiE5bZZ19yhEd6yPJbl
Behavioral task
behavioral1
Sample
69ebf8825f865524df38bd5f9e751663_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
69ebf8825f865524df38bd5f9e751663_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://54.244.182.87:80
Targets
-
-
Target
69ebf8825f865524df38bd5f9e751663_JaffaCakes118
-
Size
44KB
-
MD5
69ebf8825f865524df38bd5f9e751663
-
SHA1
ac492539a5a40330650bc06f3955b12e02705f22
-
SHA256
82ba7aafb5c198a58c3aa0bb7ce9ba02c22beed8380388db0c0efa56d0f3d175
-
SHA512
d1ffe87d8a65aa527877d06b74eecbe1f188d416f664e51881a6cb43e07605abeaabb400f0cb726fae9ab95ada6612663bd429204f8b5727903af653d6ac16bb
-
SSDEEP
384:wIj8iSUR/8dArqNLi08krLuHzQjbuMZZzkExygcPEdEsKhb2YOPygTP0jWdtf:v/qMaLiE5bZZ19yhEd6yPJbl
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-