General
-
Target
872cd0d6fc9037131b6f2bdcfa7cbee5_JaffaCakes118
-
Size
216KB
-
Sample
240531-qvyrdaac9w
-
MD5
872cd0d6fc9037131b6f2bdcfa7cbee5
-
SHA1
5d6eb7600b06659eb2b77105e606990209e3d7b9
-
SHA256
cce15dec3bc1410569a816b6fac4c8f582b572af674a8fc37b31864bc92e417b
-
SHA512
21bec23ffbe96a4f30ccd0e0ccee873654d9fc9ab5455267b8f012e8d0739b9adfabe2e1d5613901f2573eec67111a89084bc8ac58c81792fe9327a1417c37a9
-
SSDEEP
3072:YxYy0u8YGgjv+ZvchmkHcI/o1/Vb6//////////////////////////////////z:s0uXnWFchmmcI/o1/dMTBwZ4r5
Behavioral task
behavioral1
Sample
872cd0d6fc9037131b6f2bdcfa7cbee5_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
872cd0d6fc9037131b6f2bdcfa7cbee5_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
Targets
-
-
Target
872cd0d6fc9037131b6f2bdcfa7cbee5_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-