General
Target: 86800a66ca6607f99b72ce82ee968b25_JaffaCakes118
Size: 200KB
Sample: 240531-k9velsea27
MD5: 86800a66ca6607f99b72ce82ee968b25
SHA1: 06517c32fa54721e8271fcf230e12ac0c24a5c10
SHA256: b6f19a90da65451d33a9e9b5a8acc07432a84ebb7e6ad6d0f7fc29a4a53ab582
SHA512: 2861cbb7d6f9f194bc4d37018be376964b2f7e9e2ea73093af57568d0ae8d92a3652f001112470dd3290dd8d71b47a56d08ba2e09f413174371ec5c52b8b1a0b
SSDEEP: 3072:Vqg22TWTogk079THcpOu5UZ4pfRvAKpqRz:d/TX07hHcJQssz
Behavioral task: behavioral1
Sample: 86800a66ca6607f99b72ce82ee968b25_JaffaCakes118.doc
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 86800a66ca6607f99b72ce82ee968b25_JaffaCakes118.doc
Resource: win10v2004-20240426-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory