General
-
Target
870fe07adc7ff90f5630057924749eab_JaffaCakes118
-
Size
173KB
-
Sample
240531-p2fzgahd21
-
MD5
870fe07adc7ff90f5630057924749eab
-
SHA1
8784f90ed0c1c1557284fa95309c207e19a9a759
-
SHA256
fabd2f3729de07ef5f673b245597b0d770876cb520d02fe15d4e9e62c7c7efde
-
SHA512
63cf5ec3ae1d66db62a8d64d51fd19ca01a8242d03c8e786e49486545148743538e933c4ba50a73f7d6664f454b01b563033bb50a1d822b2462c3b5081b630ef
-
SSDEEP
1536:erdi1Ir77zOH98Wj2gpngR+a9mpxO8nq78ct2PU7MXKSSxH5pcKaJnU7y2V:erfrzOH98ipg1kBU79
Behavioral task
behavioral1
Sample
870fe07adc7ff90f5630057924749eab_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
870fe07adc7ff90f5630057924749eab_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://rhyton-building.com/wp-admin/Ey8qV0/
http://ezzll.com/wp-includes/KIU2WU/
http://tellmetech.com/wp-content/4ka/
https://elmundodelareposteria.com/wp-admin/0PVVmJm/
https://manuelrozas.cl/assets/XWN/
https://haritdharni.com/wp-admin/bZM/
https://theworks-group.com/site/pQT6j5/
Targets
-
-
Target
870fe07adc7ff90f5630057924749eab_JaffaCakes118
-
Size
173KB
-
MD5
870fe07adc7ff90f5630057924749eab
-
SHA1
8784f90ed0c1c1557284fa95309c207e19a9a759
-
SHA256
fabd2f3729de07ef5f673b245597b0d770876cb520d02fe15d4e9e62c7c7efde
-
SHA512
63cf5ec3ae1d66db62a8d64d51fd19ca01a8242d03c8e786e49486545148743538e933c4ba50a73f7d6664f454b01b563033bb50a1d822b2462c3b5081b630ef
-
SSDEEP
1536:erdi1Ir77zOH98Wj2gpngR+a9mpxO8nq78ct2PU7MXKSSxH5pcKaJnU7y2V:erfrzOH98ipg1kBU79
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-