General
-
Target
8570ca7a6e6a80e58cdf2ad73fb349b5_JaffaCakes118
-
Size
158KB
-
Sample
240531-atvekaha94
-
MD5
8570ca7a6e6a80e58cdf2ad73fb349b5
-
SHA1
25b7b50c104334f499fb109646083831f0183d06
-
SHA256
ae651bbc1bb9cb216ddeae09b03346aa86c991c00d59ad680a83343eac0d4da2
-
SHA512
d3af4c89b3c1506875f961dc7082b4860b9af75dff19fec3221da5de55584cfcadd0a1ae6d6010b77d5f6bc8d92ae9241fbf6464a7184e62e8b677b43571193b
-
SSDEEP
1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9WlJi2V:1rfrzOH98ipgUY2V
Behavioral task
behavioral1
Sample
8570ca7a6e6a80e58cdf2ad73fb349b5_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8570ca7a6e6a80e58cdf2ad73fb349b5_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
https://case.gonukkad.com/sys-cache/CjT/
https://starrcoin.net/wp-admin/YT/
http://modelaw.devkind.com.au/wp-admin/cvDRmGK/
http://dprkp.palembang.go.id/sys-cache/7Y4aHw/
http://completeguideblogging.com/euiot/PAuJG/
http://qutiche.cn/wp-admin/Q/
https://shiva-engineering.com/1cj/tKemHV7/
Targets
-
-
Target
8570ca7a6e6a80e58cdf2ad73fb349b5_JaffaCakes118
-
Size
158KB
-
MD5
8570ca7a6e6a80e58cdf2ad73fb349b5
-
SHA1
25b7b50c104334f499fb109646083831f0183d06
-
SHA256
ae651bbc1bb9cb216ddeae09b03346aa86c991c00d59ad680a83343eac0d4da2
-
SHA512
d3af4c89b3c1506875f961dc7082b4860b9af75dff19fec3221da5de55584cfcadd0a1ae6d6010b77d5f6bc8d92ae9241fbf6464a7184e62e8b677b43571193b
-
SSDEEP
1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9WlJi2V:1rfrzOH98ipgUY2V
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-