General
-
Target
856821322ec372efc0dbc3675a2ee75d_JaffaCakes118
-
Size
229KB
-
Sample
240531-alen5sff9y
-
MD5
856821322ec372efc0dbc3675a2ee75d
-
SHA1
edfa6fad14b4df5a016952ca7dab2a691deac416
-
SHA256
1be44b0e843c0ede8c1b58ee3afe9065f73a230e766ed2943675c2f9e19940cd
-
SHA512
ae6e72ef9b746e51f401d3ef2dd34afe6ea471b20b7e67f2104dcfcac0d5e008d076f2318cf566f0563f6a92d63ad5b847bc3a9a14c69d811e92924ccaf20618
-
SSDEEP
3072:DYy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////a:V0uXnWFchmmcI/o1/h//mwU0Qa
Behavioral task
behavioral1
Sample
856821322ec372efc0dbc3675a2ee75d_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
856821322ec372efc0dbc3675a2ee75d_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
-
-
Target
856821322ec372efc0dbc3675a2ee75d_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-