General
-
Target
862d28b98cd5045920effd016877bf9a_JaffaCakes118
-
Size
162KB
-
Sample
240531-gv6mjshe3x
-
MD5
862d28b98cd5045920effd016877bf9a
-
SHA1
dc4245e1188b379c51e3fd6df759e7cf53ea1c3c
-
SHA256
eebe99de8b728086eee179946bbb49bece053df02ee45f5fd5b345a6dcfa4143
-
SHA512
aa75782e759cac39c614edb8e8bb99c84073730cce7c267d92f8a2a68bc8cc92a9e9f0c9b1142dbb35a15abaca20827608f1819dac9f26c0a1522edbe0689b01
-
SSDEEP
1536:MEtcE/QfgdtcE/Qfg6rdi1Ir77zOH98Wj2gpngx+a961CQdsOxPs:qrfrzOH98ipgXQdsOxs
Behavioral task
behavioral1
Sample
862d28b98cd5045920effd016877bf9a_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
862d28b98cd5045920effd016877bf9a_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-