General
-
Target
857688f4b575709514490c56260cda85_JaffaCakes118
-
Size
163KB
-
Sample
240531-ay1gdagc6z
-
MD5
857688f4b575709514490c56260cda85
-
SHA1
b8141c5db9703bca25fde0777aaa1e8f9a0bbff8
-
SHA256
ed51b266a21df3fdcb9688895ed3065cc8167122d60134e9b25eccd669446ec2
-
SHA512
774dca8cd9dff22a72a766530e08fc309e886ee2e4ffb92c1ecc63aec27b03e297fca062957084562c520928e937dc46aee2cdd3eec5ff351fb5ba33650fd81a
-
SSDEEP
1536:VAhXAhordi1Ir77zOH98Wj2gpngN+a9Bay9y0J6f264NWE:mrfrzOH98ipgjPJ6fQWE
Behavioral task
behavioral1
Sample
857688f4b575709514490c56260cda85_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
857688f4b575709514490c56260cda85_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
Targets
-
-
Target
857688f4b575709514490c56260cda85_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-