General
-
Target
862e3fea6fd478433860e4dae4628210_JaffaCakes118
-
Size
155KB
-
Sample
240531-gxc31she6w
-
MD5
862e3fea6fd478433860e4dae4628210
-
SHA1
7c2499b9d5437b420ec72acdb9af8c6b444d2376
-
SHA256
ba194c165790fe37e147a5148a0e460acbf65bdbafbf0928bc1bd762359e0691
-
SHA512
d9bdaeca4eac695425c6daf18937ab967d523c79e1849e4a6602499bf36e9f0d60ad28f3cd702d8eea682db0254364b6ee50863c904e93c16139ee21a6ebe5dc
-
SSDEEP
3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qACyMPpYdWt4dbXE1SwqE:a77HUUUUUUUUUUUUUUUUUUUT52VKyMPH
Behavioral task
behavioral1
Sample
862e3fea6fd478433860e4dae4628210_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
862e3fea6fd478433860e4dae4628210_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://infokamp.com/edmatvu/XcvhTJMoveELDQSwTUGIwp/
http://aaitrader.com/wp-includes/TdWfQOsyteJAaXt/
http://hoststore.ro/wp-includes/iIyDhkZnoKGa/
https://fepa18.org/wp-admin/vZJPXdJUKbsQoR/
https://ioszm.com/wp-content/VKvRtbEjecrTUWtZwLJPTASMB/
Targets
-
Target
862e3fea6fd478433860e4dae4628210_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-