General
-
Target
86e0b526d070d45d1c67dc945a996262JaffaCakes118
-
Size
251KB
-
Sample
240531-p1jzqshh74
-
MD5
86e0b526d070d45d1c67dc945a996262
-
SHA1
18bab0261d96c314e85df081876f1e223375a6a9
-
SHA256
7c71b980b5d06b02c7a2b304ebdd8c23039d1b1f64b983d30601a85f5946fe8f
-
SHA512
dac3b8daa4e2baacf6c32d1c7c358515c71bfd0f8f49dc79a4a4582a730a4acc4aae3d920e4d3d1de56f86166f776487e077f5b5440223eed66df4318232a814
-
SSDEEP
3072:6Yy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////j:C0uXnWFchmmcI/o1/e2yaRe
Behavioral task
behavioral1
Sample
86e0b526d070d45d1c67dc945a996262JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
86e0b526d070d45d1c67dc945a996262JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
-
Target
86e0b526d070d45d1c67dc945a996262JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-