General
-
Target
87a4a187092e93924e81f8d2bc94a237_JaffaCakes118
-
Size
180KB
-
Sample
240531-t2kpwaeb2z
-
MD5
87a4a187092e93924e81f8d2bc94a237
-
SHA1
f980b91b7dd0ac409099b17c05affa2f2072edd7
-
SHA256
b58b532ed578092ac8a863ccb0eca5ca78a76c32aaa672f253524fdad31ca12c
-
SHA512
eaadd4273751a752761d7d22158d58ef76b7710df5015ef6c1a726ac5f846b9fb06862f1f0d55bd3057d70dc6f3df1ec0804d0fa8e0cb7ffc2aea722492b91fb
-
SSDEEP
1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9DSGIRK9b/WYjd2LO6h/QC27TWvo:crfrzOH98ipgrSGYK9TngLOm27TWvo
Behavioral task
behavioral1
Sample
87a4a187092e93924e81f8d2bc94a237_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
87a4a187092e93924e81f8d2bc94a237_JaffaCakes118.doc
Resource
win10v2004-20240508-en
Malware Config
Extracted
http://sasystemsuk.com/index_files/j9b/
https://case.gonukkad.com/sys-cache/fmC/
http://vandamebuilders.com/wp-includes/OEyjc9x/
https://nilinkeji.com/online/Dmz/
http://paganwitch.com/wp-admin/CmubpSk/
http://www.ekramco.ir/english/fn/
http://votesteve.us/closed_zone/Bk/
Targets
-
-
Target
87a4a187092e93924e81f8d2bc94a237_JaffaCakes118
-
Size
180KB
-
MD5
87a4a187092e93924e81f8d2bc94a237
-
SHA1
f980b91b7dd0ac409099b17c05affa2f2072edd7
-
SHA256
b58b532ed578092ac8a863ccb0eca5ca78a76c32aaa672f253524fdad31ca12c
-
SHA512
eaadd4273751a752761d7d22158d58ef76b7710df5015ef6c1a726ac5f846b9fb06862f1f0d55bd3057d70dc6f3df1ec0804d0fa8e0cb7ffc2aea722492b91fb
-
SSDEEP
1536:uasrbYasrb2rdi1Ir77zOH98Wj2gpng9+a9DSGIRK9b/WYjd2LO6h/QC27TWvo:crfrzOH98ipgrSGYK9TngLOm27TWvo
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-