General
-
Target
6cce3844ae7ae9cc8da0c5a2bd2842bc_JaffaCakes118
-
Size
121KB
-
Sample
240524-ayx19afa77
-
MD5
6cce3844ae7ae9cc8da0c5a2bd2842bc
-
SHA1
41f165a10fd171f95b1ed658430a60a70bef54d2
-
SHA256
dad8170988a315cb1ec7522c6b096f5ec9d96843daab4c086471f7d68f5a3362
-
SHA512
75575407d61926758b3a2c864fe3005d4ad482e3e78d240b3dc0f676e7aa2f4ea53a581365f86078348c9cee7017f01b5dec15214f45982b09f0da114dd509ea
-
SSDEEP
3072:fte2dw99f/WinAm4A1qWQqy0cElDhCyw:VHdw7/WiAhqIY1w
Behavioral task
behavioral1
Sample
6cce3844ae7ae9cc8da0c5a2bd2842bc_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6cce3844ae7ae9cc8da0c5a2bd2842bc_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://tact-yl.fr/HqnEMKw
http://www.premierpilawyers.com/043FVGKyE
http://costaricanmedicaltours.com/2TIq6N0kS
http://benthanhdorm.com/LIOZPBnu
http://www.bogorterkini.com/NDmMxzL
Targets
-
-
Target
6cce3844ae7ae9cc8da0c5a2bd2842bc_JaffaCakes118
-
Size
121KB
-
MD5
6cce3844ae7ae9cc8da0c5a2bd2842bc
-
SHA1
41f165a10fd171f95b1ed658430a60a70bef54d2
-
SHA256
dad8170988a315cb1ec7522c6b096f5ec9d96843daab4c086471f7d68f5a3362
-
SHA512
75575407d61926758b3a2c864fe3005d4ad482e3e78d240b3dc0f676e7aa2f4ea53a581365f86078348c9cee7017f01b5dec15214f45982b09f0da114dd509ea
-
SSDEEP
3072:fte2dw99f/WinAm4A1qWQqy0cElDhCyw:VHdw7/WiAhqIY1w
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-