General
Target: 8511094862b74d41d7018625a568569f_JaffaCakes118
Size: 201KB
Sample: 240530-11n48sbb5w
MD5: 8511094862b74d41d7018625a568569f
SHA1: 21cf9ac2854d63aebf84df14557a1f0de77b9bf4
SHA256: 3873789add951f7faaee58644422e134440be2903271725124cff640acd0ad4d
SHA512: cde23153688e3760c45012e50f102f0ecf52e66f7a4a99fc0f59b896a3102a9743dc23ea12de38a57fdffc35f15c4b7e133ff07f9204bbfd37b2473bb0709355
SSDEEP: 3072:E4PrXcuQuvpzm4bkiaMQgAlSiTisQKz3wGB/TOk/z3Iw0v:ZDRv1m4bnQgISE/3wGB/TOkjIw0v
Behavioral task: behavioral1
Sample: 8511094862b74d41d7018625a568569f_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8511094862b74d41d7018625a568569f_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory