General
-
Target
84f6d98e98ca56b63209a7ee80d9e22d_JaffaCakes118
-
Size
172KB
-
Sample
240530-wecf4afc8x
-
MD5
84f6d98e98ca56b63209a7ee80d9e22d
-
SHA1
5cea4b4a7989a73730c6329fd9ed346e99dd92b3
-
SHA256
14650f22ccd9ac8f4effcb6415afc3ee21a1a681e0d621888dd3e28a30e9e237
-
SHA512
4e4349e3ece2ef7b80066317aa8669887517dc678ed6f35d622b6a3014444e572dc9a5130522fe6fda4e78c4c42518c4c19dc14c9ccb648eee8fc196093a6d6d
-
SSDEEP
1536:erdi1Ir77zOH98Wj2gpngR+a9gtxO8nq78ct2PU7MXKSSxH5pcKaJnt7y2F:erfrzOH98ipgrkBt7t
Behavioral task
behavioral1
Sample
84f6d98e98ca56b63209a7ee80d9e22d_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
84f6d98e98ca56b63209a7ee80d9e22d_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
-
-
Target
84f6d98e98ca56b63209a7ee80d9e22d_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-