General
-
Target
850c442276250171efb1ec92dc37b929_JaffaCakes118
-
Size
133KB
-
Sample
240530-1xk86scb69
-
MD5
850c442276250171efb1ec92dc37b929
-
SHA1
eb4667737cbe353a8213e099aafe860d7755a45f
-
SHA256
0c504465913365c52057b1ffcf7480f785a739fa82edfd694d893c02e702e950
-
SHA512
ae26789404876703397a34643fd861331d81f74fadda8391895dc245e298462aa5fd02aeee063aaa5665748c5f2879f63af30358a3017d3f96bba3614e2b0ffc
-
SSDEEP
3072:I77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qj5Fd6H9mSJvuLpk:I77HUUUUUUUUUUUUUUUUUUUT52VA5Fd0
Behavioral task
behavioral1
Sample
850c442276250171efb1ec92dc37b929_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
850c442276250171efb1ec92dc37b929_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://duanlocphatresidence.com/wp-admin/f350/
http://momentsbynatali.com/wp-admin/tvdt421480/
http://merodeshonline.com/wp/af133599/
http://nguyenminhhoang.xyz/wordpress/ip21979/
http://inpolpe.com/stock/zjgv6686843/
Targets
Target
850c442276250171efb1ec92dc37b929_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-