General
Target
7ad0b4306a1be84bfcf2d7796025cdce_JaffaCakes118
Size
265KB
Sample
240527-2ry4hsea73
MD5
7ad0b4306a1be84bfcf2d7796025cdce
SHA1
642aaaaabb19351d3cae740ced6430a81ba9ff98
SHA256
cb7fed639a8ea9b95fa1af6d317298a58346d67afd56a281d8ac0ab7196b1e61
SHA512
0936b28252f029ccd7cef4de2539fbd5ae1ef42735d07979d138aed7f2e30c5dfbcd2cd6c6197bd74f0b73bcb63ce47aa39897815c68556ebf5513d79d3dbe0c
SSDEEP
3072:7khgqkhgACSQKaSx+SbtYqS4fvS7GQRbSVuz1QzC9klhxztsZ5QPwYPy+SrvFUBU:7CwQK3RpVS7G4SVuz1QzLhxztsZGPwt
Behavioral task
behavioral1
Sample
7ad0b4306a1be84bfcf2d7796025cdce_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7ad0b4306a1be84bfcf2d7796025cdce_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://detectin.com/V4oLzhUPF
http://api.thememove.com/hQU6NxM5AE
http://efreedommaker.com/6mctGDu
http://www.devitforward.com/Y0PvANUb8x
http://nihilistpost.com/wp-content/AlDpmt6e4C
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request