General
Target: 7695ff26225be6321f38df07569dd4eb_JaffaCakes118
Size: 128KB
Sample: 240526-yaglcshc8t
MD5: 7695ff26225be6321f38df07569dd4eb
SHA1: c16661c7d5e78ac8dd248e68cad42b82e4c4d32f
SHA256: a666f9160bda0dc5c736acd1f0c9332b5f8ddcdf738397f430208b78e9f01ca9
SHA512: 33f9db0cfa0b6acd69b82033ca093da139db68766c9bcd579556290bc653dfe9c8ecf6ffc38c54e978de3cc60c977ccd13352c1424525579addc26e58fe5b069
SSDEEP: 1536:7ptJlmrJpmxlRw99NBD+aEdV2ABDrtGcONzhSTSriGcNdrBgZI916TJaQ91:Vte2dw99fQ96AxGcdgE16r
Behavioral task: behavioral1
Sample: 7695ff26225be6321f38df07569dd4eb_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7695ff26225be6321f38df07569dd4eb_JaffaCakes118.doc
Resource: win10v2004-20240508-en
Malware Config
Extracted
Targets
Target: 7695ff26225be6321f38df07569dd4eb_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.