General
Target: 8668c8724ee7fdfd5a6a6c6a20c001f2_JaffaCakes118
Size: 169KB
Sample: 240531-klrzkscf8x
MD5: 8668c8724ee7fdfd5a6a6c6a20c001f2
SHA1: 513f9d02045ac6d86cff255f65fb1d7936a8722d
SHA256: 4de4f40c0e62b58b0257dacf98877c1696f65b286b060ec097e98177e3bd7a7a
SHA512: 4616e7929643f2c358a9be562ab8cfd0107380e493d9241ba960999bcdfc43c4e79556b6bbe7ee3f23b6e59193d80f69236ea6204d879e701d59fb8d5fb9b700
SSDEEP: 1536:AGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP340Vzy7dUWqHe43d9T96aEH5iw:yrfrzOH98ipgBPLQRq/F
Behavioral task: behavioral1
Sample: 8668c8724ee7fdfd5a6a6c6a20c001f2_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8668c8724ee7fdfd5a6a6c6a20c001f2_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory