General
-
Target
6bcc38f2c505ae47eeef8458adac6108_JaffaCakes118
-
Size
151KB
-
Sample
240523-wngr6sbc54
-
MD5
6bcc38f2c505ae47eeef8458adac6108
-
SHA1
2261dc6140ceeac6b4520512de9ffe3e2175078d
-
SHA256
9412268f1f2c0eb9a06cc682d774e05495a3b4e468749c77e157a5a354c2c8d8
-
SHA512
53855cd1f39a5f7313de0ade1401de7a058ab4cf07382ef57f0f06b72cfbeb6996a9e139d03897e0477e980346556b21161d8fa21e2969ed767c4d6349526b1c
-
SSDEEP
3072:J77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qP/fhJEQiAEoS5y3zgI0E2T5:J77HUUUUUUUUUUUUUUUUUUUT52VmfhCD
Behavioral task
behavioral1
Sample
6bcc38f2c505ae47eeef8458adac6108_JaffaCakes118.doc
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6bcc38f2c505ae47eeef8458adac6108_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
-
-
Target
6bcc38f2c505ae47eeef8458adac6108_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-