General
-
Target
863237c4072cb93269f688996a9b93b2_JaffaCakes118
-
Size
195KB
-
Sample
240531-g25ntsae87
-
MD5
863237c4072cb93269f688996a9b93b2
-
SHA1
46d858e45ca262e8fceceecaeee084f877af72a4
-
SHA256
ea48e310224317a3a93d7679dbb50ae967383d973cf7713613d8a240224ff454
-
SHA512
5a1467efcc14cddaeed4436c3ba8e764ef603e2f44c0738f2d0966326048b672f77ace0efed55932898a080c8a04b230a43cb3652b7053f291edb140c7929d99
-
SSDEEP
1536:2rdi1Ir77zOH98Wj2gpngh+a9k8ul8oPhEPmRl6VOn4B:2rfrzOH98ipgA8ul8uWP+l6VOn4B
Behavioral task
behavioral1
Sample
863237c4072cb93269f688996a9b93b2_JaffaCakes118.doc
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
863237c4072cb93269f688996a9b93b2_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
https://vstbar.com/wp-admin/Hs/
http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
http://shahqutubuddin.org/U/
http://cybersign-001-site5.gtempurl.com/2xwzq/bve/
https://star-speed.vip/wp-admin/Ttv/
https://treneg.com.br/rfvmbh/a/
https://cimsjr.com/hospital/x2f/
Targets
-
-
Target
863237c4072cb93269f688996a9b93b2_JaffaCakes118
-
Size
195KB
-
MD5
863237c4072cb93269f688996a9b93b2
-
SHA1
46d858e45ca262e8fceceecaeee084f877af72a4
-
SHA256
ea48e310224317a3a93d7679dbb50ae967383d973cf7713613d8a240224ff454
-
SHA512
5a1467efcc14cddaeed4436c3ba8e764ef603e2f44c0738f2d0966326048b672f77ace0efed55932898a080c8a04b230a43cb3652b7053f291edb140c7929d99
-
SSDEEP
1536:2rdi1Ir77zOH98Wj2gpngh+a9k8ul8oPhEPmRl6VOn4B:2rfrzOH98ipgA8ul8uWP+l6VOn4B
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-