General
-
Target
6faf33dcd2aebb8a38e44ee3138db09e_JaffaCakes118
-
Size
81KB
-
Sample
240524-ysgzvahf53
-
MD5
6faf33dcd2aebb8a38e44ee3138db09e
-
SHA1
1fca477369ffd062b71df6f1d5dafb2a106c820e
-
SHA256
e6349ffaa8b50d88fbad3ad09d8363533b30af9eec2fcfef81577daa9be850db
-
SHA512
0b54a3034b344e2fce15423d72f964f94fc86c1887076baf6fcd16e228583825bce888d4ce3327f6915a1f18c192fb556ebbfd03bf6c8cf1972040c78e6cad7f
-
SSDEEP
768:h////gpJcaUitGAlmrJpmxlzC+w99NBx+1oU7eD1OEzNqP6g9N5gMa+rEopSSI6G:SptJlmrJpmxlRw99NBx+aU7ezK6YafU
Behavioral task
behavioral1
Sample
6faf33dcd2aebb8a38e44ee3138db09e_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6faf33dcd2aebb8a38e44ee3138db09e_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://dtpco.com/vQcOsD
http://planet-makina.com/mm77h
http://www.ultigamer.com/wp-admin/includes/pJ0N8k
http://alyciawells.com/80eCFJL
http://bigrighosting.com/KO
Targets
-
-
Target
6faf33dcd2aebb8a38e44ee3138db09e_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-