General
Target: 6def1a425952748dc1a87382d2a65a22_JaffaCakes118
Size: 94KB
Sample: 240524-kp5pvabf94
MD5: 6def1a425952748dc1a87382d2a65a22
SHA1: cd740fceb3c1beccd2ded2306c8a6f9c036daa7d
SHA256: f0190fb83e6dc7ed79b96ef13a80b849a1c28fccd3f6801de72dfa1db9dfe603
SHA512: a1a13da4116b9b725771d4dcf5b770801286e1f3bf6dbfee1f15897c3dbcc6de739d874e23c30f25ff791cfa857bb1851f26d0cf2e25aac2ed61aeb1119ddcda
SSDEEP: 1536:PT5IADoVeYBIyq7UxgElJxAbuYesT6rOsuHZ5BaXJzz4P7dFVe4Q:PT5I4oVeyhxAiYeserOBBa61Q
Behavioral task: behavioral1
Sample: Invoices Overdue.doc
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: Invoices Overdue.doc
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Invoices Overdue.doc
Size: 164KB
MD5: 7c9735e3928995054fe8058d004852ad
SHA1: 17b8c6dee333d021c0ead2b49e9233c28710f080
SHA256: 3d5eb1ccb2f9325b699e8409646da55b7b504b30c0d66e237eb145b01c74012b
SHA512: 856dbf0c6b38d3ba0da5ace8ca0fca200b5f06274a09f1e59055160754e0d9aa1f4b966605b1ce6588df80c06964270891286837e91c1c50cf4895731d9d3209
SSDEEP: 3072:7hR2eSC+ONWql6BbCxRPOXtPPSh6pPG4C4vZe2xK+KNW/mZ2J1MJzFnBoNAvTtWs:7hULO1l6BmFU1b
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.