General
Target: 799771ed49526278d6116d80ed800eae_JaffaCakes118
Size: 824KB
Sample: 240527-s1zlzaab67
MD5: 799771ed49526278d6116d80ed800eae
SHA1: c25fe6f2cd4e4bb23df3c70cff9966a4fdf02242
SHA256: 592b3020e3d173ec6a83f9c082843097740cc293a786ed1e1e066cfff97dd82f
SHA512: fbef4ffe7fc1b41ffa816cd7a0c88f19bcd0037249a6fb5e87b3bcabef5a61601ad711911057ff804e4320435a45ceb5da0eed74fdf49561ae661b26527521fa
SSDEEP: 12288:e+WhWEyIuvEpsdBOHkY2iBL1gda4mEqLLNrTtOpsdfU:eIRITpsdwHkibijqLhrTkpsd8

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 799771ed49526278d6116d80ed800eae_JaffaCakes118.rtf
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 799771ed49526278d6116d80ed800eae_JaffaCakes118.rtf
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: formbook
Version: 3.8
Campaign: ch36
C2 domains (65 entries). Formbook configs mix the live C2 with decoy domains, many of them legitimate sites, so treat this list as candidates to correlate against observed traffic rather than as confirmed infrastructure to block wholesale:
hookbug.com
useicar.net
plentyofhosting.com
finalmary.win
pacwestcoastalproperties.com
prideharmonyfoundation.com
royaltakeout.com
lephare-shop.com
alphaomeganetworks.com
solistkonsilanlari.com
yj-info.net
badajozbeerlab.com
wwwjsvip9999.com
centraltexasrvpark.net
hosofb789.com
roademissions.com
toscanaristorazione.com
jrmsj.com
sweetsncandy.com
hzcrgg.com
sonerpar.com
xn--68s.com
tulacoin.com
fotoknihy.cloud
baguettebistro.net
miranet-technologies.com
bricksontour.com
gsbg.online
cameroonmarketing.com
simphiwe.com
shuangsim.com
qg0ficll0.biz
marcosnovaisedaniela.com
bleuproof.com
v64w3.info
eugeniaolenka.com
fi0rgl.info
chenyunchao.com
8o474.com
dijar.win
lorenzofernando.com
zebrita.com
techhomebuilding.net
thenexus.email
primavalve.com
legiondj.com
newbjlhuedu.com
wobblyfinancials.life
killignorancenotourkids.info
comoestouvencendoaobesidade.com
vendorscafe.com
manette-playstation.com
dtchun.com
lahdee.net
bestpetmed.com
miro.ltd
hierges.net
fairytalefitness.com
crb.company
mysignage.net
rockmakerscissors.info
apkspices.com
astronumerologyreading.com
mamstreet.com
empoweremyv.com
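One way to put the extracted list to work is to match it against proxy or DNS logs, scoring a hit higher when the request path starts with the campaign ID, the shape Formbook check-ins are known to use. The code below is an added example and not part of the sandbox report; it embeds only a subset of the domains above, the log format (timestamp, client IP, method, URL) is assumed, and the log lines are constructed for the demonstration rather than captured from the analysis run.

```python
"""Match proxy/DNS log lines against the C2 domains extracted from this sample's
Formbook config.  Added example, not part of the sandbox report."""
import re
from urllib.parse import urlsplit

# Subset of the C2 list extracted above; paste the full list when using this for real.
FORMBOOK_C2 = {
    "hookbug.com", "useicar.net", "plentyofhosting.com", "finalmary.win",
    "royaltakeout.com", "xn--68s.com", "miro.ltd", "empoweremyv.com",
}
CAMPAIGN_ID = "ch36"  # campaign field from the extracted config


def matching_c2(host, c2_set=FORMBOOK_C2):
    """Return the config domain that `host` equals or sits under, else None.
    The bare TLD is never tried, so 'example.com' cannot match on 'com'."""
    labels = host.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in c2_set:
            return candidate
    return None


# Constructed proxy log lines for the demo (not traffic from the sandbox run).
# Assumed format: <timestamp> <client-ip> <method> <url>
SAMPLE_LOG = """\
2024-05-27T10:00:01Z 10.0.0.5 GET http://www.hookbug.com/ch36/?id=abc
2024-05-27T10:00:02Z 10.0.0.5 GET https://updates.example.org/manifest.json
2024-05-27T10:00:03Z 10.0.0.7 POST http://www.miro.ltd/ch36/
2024-05-27T10:00:04Z 10.0.0.9 GET http://notroyaltakeout.com/
2024-05-27T10:00:05Z 10.0.0.9 GET http://cdn.finalmary.win/ch36/?q=1
2024-05-27T10:00:06Z 10.0.0.9 GET http://useicar.net/index.html
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def scan_log(text, c2_set=FORMBOOK_C2, campaign=CAMPAIGN_ID):
    """Return one hit per line whose host is (under) a configured C2 domain.
    campaign_path is True when the first URL path element equals the campaign
    ID, the shape Formbook check-ins use; a host hit without it may just be a
    decoy domain being visited legitimately and deserves a second look."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url = m.groups()
        parts = urlsplit(url)
        c2 = matching_c2(parts.hostname or "", c2_set)
        if c2 is None:
            continue
        segments = [s for s in parts.path.split("/") if s]
        hits.append({
            "ts": ts, "client": client, "method": method,
            "host": parts.hostname, "c2": c2,
            "campaign_path": bool(segments) and segments[0] == campaign,
        })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h)
```

The subdomain walk matters because Formbook prefixes the configured domain with `www.` when it beacons, so an exact-string comparison against the config would miss the actual traffic; the `notroyaltakeout.com` line shows that a substring match would over-match in the other direction.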
Targets
Target: 799771ed49526278d6116d80ed800eae_JaffaCakes118 (the 824KB RTF above; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro; since RTF files cannot carry VBA macros, for this sample it points to an exploit of the document handler or of an embedded object rather than a macro.
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (rewriting the context of a thread in another process is the step that redirects a suspended thread into injected code, the pattern seen in process hollowing)
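The first signature is easy to reproduce from endpoint telemetry: walk process-creation events and flag anything started under a document handler that is not on a short allowlist, plus anything further down that lineage (the dropped EXE being executed). The code below is an added example, not part of the sandbox report; the handler set, the allowlist of expected children and the user-writable path fragments are assumptions to tune per fleet, and the events are constructed in a Sysmon-like shape rather than taken from the analysis run.

```python
"""Flag processes that should not have been started under a document viewer,
the behaviour behind the 'unexpected child process' signature above.
Added example, not part of the sandbox report."""
import ntpath

# Document handlers whose children deserve scrutiny (assumed set; extend as needed).
DOC_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "wordpad.exe"}
# Assumed allowlist of children a document handler legitimately starts; tune per fleet.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe"}
# Path fragments marking user-writable locations, where dropped payloads usually land.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed process-creation events in a Sysmon-like shape (not from the sandbox run).
SAMPLE_EVENTS = [
    {"pid": 500,  "ppid": 1,    "image": r"C:\Windows\explorer.exe"},
    {"pid": 1000, "ppid": 500,  "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 1200, "ppid": 1000, "image": r"C:\Windows\splwow64.exe"},
    {"pid": 1100, "ppid": 1000, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"pid": 1300, "ppid": 1100, "image": r"C:\Windows\System32\cmd.exe"},
]


def basename(image):
    # ntpath handles backslash paths on any host OS
    return ntpath.basename(image).lower()


def document_ancestor(event, by_pid):
    """Return (image name, depth) of the nearest document-handler ancestor,
    or None.  Depth 0 means the direct parent."""
    depth, anc = 0, by_pid.get(event["ppid"])
    while anc is not None:
        if basename(anc["image"]) in DOC_PARENTS:
            return basename(anc["image"]), depth
        anc = by_pid.get(anc["ppid"])
        depth += 1
    return None


def analyze(events):
    """Return a finding for every process descending from a document handler
    that is not simply an expected direct child, with the reasons it was flagged."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        anc = document_ancestor(e, by_pid)
        if anc is None:
            continue
        parent_name, depth = anc
        name = basename(e["image"])
        reasons = []
        if depth == 0 and name not in EXPECTED_CHILDREN:
            reasons.append(f"unexpected child of {parent_name}")
        elif depth > 0:
            via = basename(by_pid[e["ppid"]]["image"])
            reasons.append(f"descendant of {parent_name} via {via}")
        if any(frag in e["image"].lower() for frag in USER_WRITABLE):
            reasons.append("image in user-writable path")
        if reasons:
            findings.append({"pid": e["pid"], "image": e["image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["pid"], f["image"], "; ".join(f["reasons"]))
```

The lineage walk is what catches the second stage: `cmd.exe` launched by the dropped executable has a benign parent image, so a rule that looks only one level up would pass it, while the document-handler ancestor two levels up is exactly the "Executes dropped EXE" chain the report describes.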