General
-
Target
7654136337e8ec5731367d13b9521e38_JaffaCakes118
-
Size
44KB
-
Sample
240526-wktmkaef9s
-
MD5
7654136337e8ec5731367d13b9521e38
-
SHA1
2e362a6437de31994deb26e27b018789227d34fe
-
SHA256
b228ba531b47be002dcaec2ce218fbd310cfe235b6458690161a7a256bf1eec9
-
SHA512
15dfd87cdf1e9b28bf06fb3750e3902561ac643ee25a268522b0e566675d8b3b5ca7e8f96ff299fe2b91f11e340ec220d7e2f849dd5d0069ef6e67482b1f3432
-
SSDEEP
384:wca8iSUR/8dAUqNLi08kr8uHzQjbuMZZzkExygcPEdEsKhb2YOPygAP0jDat6:+/qLaLiEObZZ19yhEd6yPJeU
Behavioral task
behavioral1
Sample
7654136337e8ec5731367d13b9521e38_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7654136337e8ec5731367d13b9521e38_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://54.244.182.87:80
Targets
Target
7654136337e8ec5731367d13b9521e38_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-