General
Target: 6ab415814e5432bf55c78c60df0db7a7_JaffaCakes118
Size: 102KB
Sample: 240523-my5gjsdf8z
MD5: 6ab415814e5432bf55c78c60df0db7a7
SHA1: 8830f39cbd59dcbf14790465985b575f2095529a
SHA256: 1e52d21cc79be3403419f679a554b715835fcb71fbcf3e385a1368c6d3c19cf7
SHA512: 27a7a62cd78894cedd1f205076b4beaf5176869941ff34dbbd6f14dbd0469ea922a9ed76bc176f196b9e25dc3df59c2326d6d49afcdf6fc18fd79df445089028
SSDEEP: 1536:6WlWjptJlmrJpmxlRw99NBO+aA7IrlnKchqXN076KC0It4oCp7tEX:/4Nte2dw99fx2vR1It4HtEX
Behavioral task: behavioral1
Sample: JHL_D_3392853_28_08_2018.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: JHL_D_3392853_28_08_2018.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
http://aliu-rdc.org/QwWKYJxM
http://2idiotsandnobusinessplan.com/wC7
http://7naturalessences.com/DFaSvtrS
http://benimdunyamkres.com/v0vig1G1
http://hostmktar.com/mP
Targets
Target: JHL_D_3392853_28_08_2018.doc
Size: 83KB
MD5: e4625136904c387f83100ce9861b2e21
SHA1: 3b29428a6cea904abd2903d5623fd7094914fec6
SHA256: 8db36a2bb5a769e6d5f1598734a7f26fcabed65197a0463a3ff1cc1486953d3c
SHA512: 191b87540c3f9d8ae06dd0532e22dafab46f2ab247a682f40f1a5a7bbdaa5e3b14e900a9195ef1077421695f9dfa3525d3a2b950a4eece65ad9200d0b4eebd9d
SSDEEP: 1536:JptJlmrJpmxlRw99NBO+aA7IrlnKchqXN076KC0It4oC:3te2dw99fx2vR1It4
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.