General
-
Target
8706587158ac4a18a192fcef49c1cdc9_JaffaCakes118
-
Size
188KB
-
Sample
240531-psfbksha8z
-
MD5
8706587158ac4a18a192fcef49c1cdc9
-
SHA1
c9d8bf3a6cd8478bc7ffad357e5962e9185a6de0
-
SHA256
bb671b26a57e497dd769b55a4401db0186621a028301d9d577717b6f4186c3ec
-
SHA512
b8a3a29a89caec87fdcd7a8981bac28377f43df927bda18fe8dbe5871d331a296387aee9bf49bbf868ffbea14f5a939e1eb61272e981fe66a5294eefa16c0582
-
SSDEEP
1536:rrdi1Ir77zOH98Wj2gpngt+a9AK37MgT7TxZk5tBRt9k6H+A:rrfrzOH98ipgdrMgT3ytHt9ZH+A
Behavioral task
behavioral1
Sample
8706587158ac4a18a192fcef49c1cdc9_JaffaCakes118.doc
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8706587158ac4a18a192fcef49c1cdc9_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://geisterhouse.com/cgi-bin/LAb1/
http://amyemitchell.com/themes/w/
http://forestanalytics.net/images/57A7/
https://konican.com/cgi-bin/cWu/
http://strike3productions.com/squad/3aV6xrH/
http://riandutra.com/img/wOMENgh/
http://justinscott.com.au/sites/rRS/
Targets
-
-
Target
8706587158ac4a18a192fcef49c1cdc9_JaffaCakes118
-
Size
188KB
-
MD5
8706587158ac4a18a192fcef49c1cdc9
-
SHA1
c9d8bf3a6cd8478bc7ffad357e5962e9185a6de0
-
SHA256
bb671b26a57e497dd769b55a4401db0186621a028301d9d577717b6f4186c3ec
-
SHA512
b8a3a29a89caec87fdcd7a8981bac28377f43df927bda18fe8dbe5871d331a296387aee9bf49bbf868ffbea14f5a939e1eb61272e981fe66a5294eefa16c0582
-
SSDEEP
1536:rrdi1Ir77zOH98Wj2gpngt+a9AK37MgT7TxZk5tBRt9k6H+A:rrfrzOH98ipgdrMgT3ytHt9ZH+A
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-