General
Target: 75b5887bf105e8c270a980a1122802d3_JaffaCakes118
Size: 81KB
Sample: 240526-ra6f6ahf55
MD5: 75b5887bf105e8c270a980a1122802d3
SHA1: 20bba6c529a1036e4252b9dd86c1a06f92221def
SHA256: c57bc62f944a858d7b6b1e2ff89f50f466b260cf79385517cc9c108d9b244530
SHA512: c49447e19f9dd885af05e67e8224f94f4a74c89f3104b11d0bfe6c74de61f7e41a393cba6e99329e34cd70e0133e017f30aefaffd97a1664b47900ff2bbb4998
SSDEEP: 1536:TptJlmrJpmxlRw99NB3+aEYvycIfhHfFUnRA5xuM:dte2dw99flJmfF6ex
Behavioral task: behavioral1
Sample: 75b5887bf105e8c270a980a1122802d3_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 75b5887bf105e8c270a980a1122802d3_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
http://michiganbusiness.us/jBE6
http://ingridkaslik.com/8
http://drdelaluz.com/Q7s1
http://milehighffa.com/cqZHO01V
http://avto-baki.ru/Ph9j
Targets
Target: 75b5887bf105e8c270a980a1122802d3_JaffaCakes118
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.