General
-
Target
76f4e1d213610b394ab757b416a975f7_JaffaCakes118
-
Size
71KB
-
Sample
240526-14t5nadh6w
-
MD5
76f4e1d213610b394ab757b416a975f7
-
SHA1
b6e2a8c61598b78abce3795397ae8426ea82d58e
-
SHA256
85f1cec376723655d5d616ed12c3d379d29c5e6a6f4067e0f3c1bb7e17353073
-
SHA512
e643df99d4fa7aa39b08ffde43c3b1edbae9f6555d9aa27f81113879814f6509d82e179ef68198588d4a4e62466ed88a7bb81fc407901b568a140aea33b8182c
-
SSDEEP
768:4pJcaUitGAlmrJpmxlzC+w99NBN+1oWiEnf+W1Efo44/+7szlDsB8L:4ptJlmrJpmxlRw99NBN+aW717mAa
Behavioral task
behavioral1
Sample
76f4e1d213610b394ab757b416a975f7_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
76f4e1d213610b394ab757b416a975f7_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://frayd.com/KccPtp
http://empiresys.com.sg/Zpa5Q70H
http://eldridgelondon.com/nubOyShJ
http://iclebyte.com/oWT
http://kerasova-photo.ru/Yuv
Targets
-
Target
76f4e1d213610b394ab757b416a975f7_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-