General
-
Target
6bf8c0426942612117f842ff5fabf319_JaffaCakes118
-
Size
124KB
-
Sample
240523-xr8kqscg41
-
MD5
6bf8c0426942612117f842ff5fabf319
-
SHA1
6fe4f7e882b1e3d4769b4d9ba14ba1c228d143f3
-
SHA256
fee54bee34cd77ecd9928ec8f4af9b1313a16c15485df0b206a6908e432a8ca8
-
SHA512
1027a6a95949e1f9c157cb3b5af1357d9a00214f802f9aaabdcd71aa3c3f6bc79ad4e17e93ac3813a4d7df1ce61f6637cb9c9f69873d204ca6aac0233ba3c15c
-
SSDEEP
1536:6bNYTzKmsP7sd9h1wFFFF7dC7MQMXc0qg4F5MnrA+aJOs0abqExYBvAy42+Gexy+:6bOTzKmsP7snh1UQ5g4fY9ZAyh+y+
Behavioral task
behavioral1
Sample
Rechnung_2018_06_CY22053160887880.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Rechnung_2018_06_CY22053160887880.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://www.copticpope.org/7nCPQr/
http://wevik.hu/oadkCq/
http://jakeingles.com/W3cw/
http://www.kaukabphysiatry.com/hg9g/
http://www.facebook.printuser.nl/dhxj/
Targets
-
Target
Rechnung_2018_06_CY22053160887880.doc
-
Size
93KB
-
MD5
68496e372e5656d5c96cf74368277791
-
SHA1
b50396e10d8af7dc1d3a5e65da5b6e80d7a4fb1d
-
SHA256
00f4563cc7dd4686531b29a7a797b060daa891130724e4816862ed1c650d0901
-
SHA512
f718afd275f3c53f7bd41df06b11763dd1dc5a18d7d17d7014602f131cf0c2d3fcbb30806cef5149f5ab6c67b21cabae975ff9ac981618c4fc1160f8783ea669
-
SSDEEP
1536:3FFFF7dC7MQMXc0qg4F5MnrA+aJOs0abqExYBvAy42+Ge:XQ5g4fY9ZAyh
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-