General
-
Target
87b25b3e4bce5753970f2cc9905c6946_JaffaCakes118
-
Size
156KB
-
Sample
240531-vev3rsee7y
-
MD5
87b25b3e4bce5753970f2cc9905c6946
-
SHA1
fe03e8215c7dd1461fcafa10885b12a950a7b5dc
-
SHA256
8e4a311d2368b3ef3374691d891e860542fbcd33a8c5df81d9264762449a41a5
-
SHA512
3448345d893502556c7fb26c198421278eb6b5038ac6b625c5acdd72591a1eaed30df6b5011dd905d31f4aef85a0c84e74c951ca27b39b67c42bad7ab368a07b
-
SSDEEP
3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qACyMPpYdWt4dbXExZ843:a77HUUUUUUUUUUUUUUUUUUUT52VKyMPx
Behavioral task
behavioral1
Sample
87b25b3e4bce5753970f2cc9905c6946_JaffaCakes118.doc
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
87b25b3e4bce5753970f2cc9905c6946_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
http://infokamp.com/edmatvu/XcvhTJMoveELDQSwTUGIwp/
http://aaitrader.com/wp-includes/TdWfQOsyteJAaXt/
http://hoststore.ro/wp-includes/iIyDhkZnoKGa/
https://fepa18.org/wp-admin/vZJPXdJUKbsQoR/
https://ioszm.com/wp-content/VKvRtbEjecrTUWtZwLJPTASMB/
Targets
-
-
Target
87b25b3e4bce5753970f2cc9905c6946_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-