General
Target: 873aef95f5dd92455cdc82fac13d7f5d_JaffaCakes118
Size: 106KB
Sample: 240531-q643jaaf51
MD5: 873aef95f5dd92455cdc82fac13d7f5d
SHA1: 69c117990e53745a97680c2b4358aaa2445cd9a4
SHA256: 21a32b9e696a24a81a26ff3d347f2c9ce3010e7a11dbd618be446df2eada3831
SHA512: a5efa7b84ee9d1dbc6cb7790e34432425f2dbfbc2355f63c20cc4e5d399ff99c917a40e727373c3faac5a4c190c24e28690160314efa459ec14e0f58ed6cfc7d
SSDEEP: 1536:oDMeOY5C6OJsdBpZWt+a9BRlitMe8ibS4HM6HAftBxPbH:o4eOY5CTsdAzBe8ibbM7fPxzH
Behavioral task: behavioral1
Sample: 873aef95f5dd92455cdc82fac13d7f5d_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 873aef95f5dd92455cdc82fac13d7f5d_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
http://kamstraining.com/wp-admin/QKCb/
http://akashicinsights.com/aspnet_client/YCm/
http://alexwacker.com/nginx-custom/fM9vv/
http://javiersandin.com/001/AJY8/
http://lesgarconsdugazon.com/1p8tost/RlQPE/
Targets
Target: 873aef95f5dd92455cdc82fac13d7f5d_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Drops file in System32 directory