General
-
Target
850929805a67e05c26848de22eb839e1_JaffaCakes118
-
Size
179KB
-
Sample
240530-1tsh3sag91
-
MD5
850929805a67e05c26848de22eb839e1
-
SHA1
1b7433e0d938822990b941d8129512fe6b83912d
-
SHA256
7baf6437673fed0c5576c8ffbecd4fdb1bc262a0fd3423a401420a809f095319
-
SHA512
045c1a640ac417f263c2c824e8a1aecab749b35a5e6fc2754fecbd96cef7a27cd727613b48c848dc47d95c2cc975e053eec36400489aaba5ace357c9c051032b
-
SSDEEP
1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9VSGIRK9b/WYjd2LO6h/QC27TxvY:crfrzOH98ipgdSGYK9TngLOm27TxvY
Behavioral task
behavioral1
Sample
850929805a67e05c26848de22eb839e1_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
850929805a67e05c26848de22eb839e1_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://sasystemsuk.com/index_files/j9b/
https://case.gonukkad.com/sys-cache/fmC/
http://vandamebuilders.com/wp-includes/OEyjc9x/
https://nilinkeji.com/online/Dmz/
http://paganwitch.com/wp-admin/CmubpSk/
http://www.ekramco.ir/english/fn/
http://votesteve.us/closed_zone/Bk/
Targets
-
-
Target
850929805a67e05c26848de22eb839e1_JaffaCakes118
-
Size
179KB
-
MD5
850929805a67e05c26848de22eb839e1
-
SHA1
1b7433e0d938822990b941d8129512fe6b83912d
-
SHA256
7baf6437673fed0c5576c8ffbecd4fdb1bc262a0fd3423a401420a809f095319
-
SHA512
045c1a640ac417f263c2c824e8a1aecab749b35a5e6fc2754fecbd96cef7a27cd727613b48c848dc47d95c2cc975e053eec36400489aaba5ace357c9c051032b
-
SSDEEP
1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9VSGIRK9b/WYjd2LO6h/QC27TxvY:crfrzOH98ipgdSGYK9TngLOm27TxvY
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-