General
Target
7825e99149a8757b387be949c1345fd1_JaffaCakes118
Size
86KB
Sample
240527-gvqlbsae7t
MD5
7825e99149a8757b387be949c1345fd1
SHA1
0f0cc660d9f39edf758d43b139cc6b368240c721
SHA256
9f1ae857de12b8d37728ebacda50b5233e2b6bee30be539f1403fe603a36c1ac
SHA512
9f8dc9ffb2c131a61d2b0b327e84280b16686450b6669f58c974941a9404489429d4d2cd33df921b7242624aaea3dfad525122704cdbd650579fc9bfd7c5263b
SSDEEP
1536:VptJlmrJpmxlRw99NBE+aGC3CDp1n+xYpKY:rte2dw99fE3mbn+2pZ
Behavioral task
behavioral1
Sample
7825e99149a8757b387be949c1345fd1_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7825e99149a8757b387be949c1345fd1_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://alpharockgroup.com/HT
http://adminflex.dk/l5TF6w
http://gailong.net/X5AyWfJG
http://shunji.org/logsite/TJaaB
http://binar48.ru/OtTlVIU5
Targets
Target
7825e99149a8757b387be949c1345fd1_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.