General
-
Target
86f4b07c12619898e6537f3a7fc42b27JaffaCakes118
-
Size
172KB
-
Sample
240531-pzzzkahh53
-
MD5
86f4b07c12619898e6537f3a7fc42b27
-
SHA1
d51570c3e62d49162ef9c5f5a77aba1bf3473b1b
-
SHA256
6e2cda657096507928f8bb65b77f8d938d6d2ade6834ab9c0fab27458f8e2566
-
SHA512
6e01e4758983cfcb47d1de320f955d589a51a0dd178c25ea5b81f47be3e165d02ce24ef4876f9e64e00bb42d0b7b5af434292ff77b5edc81a2b10aea1eeadde9
-
SSDEEP
1536:LGGGGGGGGGG2xJLEt+LaaGGGGGGGGGGjLo9xiP2hCYey7dL6PhLtHrxM43atHtjg:ZrfrzOH98ipg0HD+3KvoEwLQ
Behavioral task
behavioral1
Sample
86f4b07c12619898e6537f3a7fc42b27JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
86f4b07c12619898e6537f3a7fc42b27JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
86f4b07c12619898e6537f3a7fc42b27JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-