General
Target
85196271770a0266d9740af0d83478d9_JaffaCakes118
Size
187KB
Sample
240530-19156abe91
MD5
85196271770a0266d9740af0d83478d9
SHA1
a253dee66e6b58b8ae2c2c67fe6b1610b7f74fff
SHA256
9bb91b50d2adb4ad6ff0f68321018a4273ea0df40c67014bd957351d0929378f
SHA512
01062e45841fe4ac0f19c38b613040df4db8ac4f91d2da3a57e02ecaf5547b36bf3a37424d30569da6fd1013ddbea23985b3d45baf43d7c317879d47bdad88bd
SSDEEP
1536:tGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xildYXY9YgddT/Ephoj18sov8sCAw:zrfrzOH98ipgveHR
Behavioral task
behavioral1
Sample
85196271770a0266d9740af0d83478d9_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
85196271770a0266d9740af0d83478d9_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
85196271770a0266d9740af0d83478d9_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory