General
-
Target
6f60215f1027677eb4ded4f781a7a7fd_JaffaCakes118
-
Size
185KB
-
Sample
240524-wl2pkaed98
-
MD5
6f60215f1027677eb4ded4f781a7a7fd
-
SHA1
befb11e6d537c08d3d4c51ca340d839bd678460c
-
SHA256
e7d8a8739fd0c8f1fd0d6ce223da95ba91b04ec2b33b8383efa08c3218065aaf
-
SHA512
91926bb56a38a0c16cbc0df65a08fbd125366f87197f408e7555f052896bd354fce9e019cef3b6500e4dec842c76b8e17f1acf114ccaf3cdf96c925eaebe2670
-
SSDEEP
3072:8te2dw99fQYgfdTzL7+H56oukSzk6sNMlCs7WSd9+lDRWMYIi5VlCIAxf5Je9x3z:oHdw7eTzL7+HI3bY6sNM994Kp3Rx
Behavioral task
behavioral1
Sample
6f60215f1027677eb4ded4f781a7a7fd_JaffaCakes118.doc
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6f60215f1027677eb4ded4f781a7a7fd_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://peekaboorevue.com/0B5WOLOKFg
http://atgmail.net/Jj6SClPro
http://krever.jp/njwxGImMd
http://gabrielamenna.com/RLDjDvQJw
http://desnmsp.com/oEdTUUscJA
Targets
Target
6f60215f1027677eb4ded4f781a7a7fd_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-