General
Target
8734d3348c99ddb0f59bbebf287b14a5_JaffaCakes118
Size
199KB
Sample
240531-q2te8sae61
MD5
8734d3348c99ddb0f59bbebf287b14a5
SHA1
98ed33828491634ed53de01649a3850294286f51
SHA256
7a5be8b684f6705a6123279518f533f46e5a7d8a94701304b10d5baae90e7325
SHA512
6dc6d60e033c7ed29d681bd980ae5e12ed78df99528d8567389366ac15eca0fb20c756528cf9729376043bff110b08b56a431ddf8f6884252e39d28177010b8f
SSDEEP
3072:Vqg22TWTogk079THcpOu5UZspfRvAKp/Rx:d/TX07hHcJQgJx
Behavioral task
behavioral1
Sample
8734d3348c99ddb0f59bbebf287b14a5_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8734d3348c99ddb0f59bbebf287b14a5_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Target
8734d3348c99ddb0f59bbebf287b14a5_JaffaCakes118
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory