General

Target: 87ed83ae7da60b75a48c009e57b743ad_JaffaCakes118
Size: 229KB
Sample: 240531-w5df3shf33
MD5: 87ed83ae7da60b75a48c009e57b743ad
SHA1: bd6c4e6bf159134cc39292a3556ff1c4dd977f11
SHA256: 642f6238f4c26f7e8829b4739309809c5b2ec80f58e0beb4df4cbfdfd8ebe42a
SHA512: c9dac09074e222d888430a969b9c2850d36a2c0f04556293238e19dc98b392ec751076d5b8dd495e5a7b96984a8b9eced9055034311f4b2f81b126693e98df8a
SSDEEP: 3072:dj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkRIhoIwG/RwUn:dHgtEWPsL/aTyT9GkRIhjwG/Rf

Behavioral task: behavioral1
Sample: 87ed83ae7da60b75a48c009e57b743ad_JaffaCakes118.doc
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 87ed83ae7da60b75a48c009e57b743ad_JaffaCakes118.doc
Resource: win10v2004-20240226-en

Malware Config
Extracted
http://speranza2000.com/wp-content/XnOLQdAmO/
https://mamelina.com/wp-content/Dx2adk65/
https://viralstyle.shop/jrfgw/LIQh0u72140141593/
https://site.inquima.com.br/plugins/fOT86n0a63050/
http://trainings.smartscape.eu/wp-admin/Ekybgo2d13356/
Targets
Target: 87ed83ae7da60b75a48c009e57b743ad_JaffaCakes118
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Drops file in System32 directory