General
Target: 874f655245be972f39df983f9d2b7a4b_JaffaCakes118
Size: 158KB
Sample: 240531-rqkjmabg75
MD5: 874f655245be972f39df983f9d2b7a4b
SHA1: 69a632e6e82dfeb00354c640b261ce2e6f16f15b
SHA256: 4b30a75800dac8e687499541fa381736b76d3f3b69146ea8801962b7eec548bb
SHA512: fbf6012f4e5ef6059fd5521250af88c373ef8fcb913b137f0d721e2ab9ccbc299b0ea892aa0475f1bfdda9330e346de22be3a884e56166cf763a00414c02e7ec
SSDEEP: 1536:A2Fj72Fjmrdi1Ir77zOH98Wj2gpngh+a9KlJiPn:1rfrzOH98ipgYYPn
Behavioral task: behavioral1
Sample: 874f655245be972f39df983f9d2b7a4b_JaffaCakes118.doc
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 874f655245be972f39df983f9d2b7a4b_JaffaCakes118.doc
Resource: win10v2004-20240226-en
Malware Config
Extracted
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory