General
-
Target
8766e2aa87c8731043047cbfba79636f_JaffaCakes118
-
Size
230KB
-
Sample
240531-sb5rpabh9y
-
MD5
8766e2aa87c8731043047cbfba79636f
-
SHA1
140a17470b1305d013428350efc8049d5e4463ec
-
SHA256
5dff91cf6d41a1afd397c3c21a5b5a401acbb9abf2dc6e09df6f45b8f8dd9af2
-
SHA512
b536bf3749e41470b1642aaabab9a8c839159ea2e8aa71e0ae2baa8aed571b333bd49a1bfdd5bc2345b396fcdbe438aad911a229e05013f51e5039170fb842ea
-
SSDEEP
3072:yj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkw0HqJwnffRa:yHgtEWPsL/aTyT9Gkw8qJwnffRa
Behavioral task
behavioral1
Sample
8766e2aa87c8731043047cbfba79636f_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8766e2aa87c8731043047cbfba79636f_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://arsan.com.br/img_b2w/jstgflap98/
http://koester-pb.de/cgi-bin/HoDIPqV/
http://aragonmetal.com/_installation/LPMGMZroO/
https://www.witdigi.com/wp-content/uploads/iBeE/
http://yellowstonefitness.com/j5es7cx/QgLkys4ga64g228/
Targets
Target
8766e2aa87c8731043047cbfba79636f_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-