General
-
Target
701986a5898c8d53a7add9e618c090d2_JaffaCakes118
-
Size
91KB
-
Sample
240524-242eeaeg27
-
MD5
701986a5898c8d53a7add9e618c090d2
-
SHA1
32b3aacebad94dd60ee7a24239325fd05e6bdb7c
-
SHA256
e92d13ee8aedcd055189f7a7327d5276e4391c19bc9d6170870a835f8bb70919
-
SHA512
583c173dca8167db4edc20104656d30ad8a7140e06c109a20a58d2f9d17d1456422d08bc2aa866fed5f4a432e0a8df1227624466423efcc285e596e9efd68d22
-
SSDEEP
1536:eTxjwKZ09cB7y9ghN8+mQ90MTG+axNnyS1r94q:mxjnB29gb8onsFc
Behavioral task
behavioral1
Sample
701986a5898c8d53a7add9e618c090d2_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
701986a5898c8d53a7add9e618c090d2_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://frankbruk.pl/2c41pAl
http://barocatch.com/uGXYU6
http://feitosaefujita.adv.br/MVgPzBH
http://knappe.pl/9Sq
http://sharjahas.com/FSpr1b
Targets
Target
701986a5898c8d53a7add9e618c090d2_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-