General
Target
87ed8c4d0624cb54f5cc4892e8a2c8ce_JaffaCakes118
Size
172KB
Sample
240531-w5fw7sgg4v
MD5
87ed8c4d0624cb54f5cc4892e8a2c8ce
SHA1
978673706e2661270572b6fd310dee626b14bba4
SHA256
4988159f7deee6fa12b723aa0158f06c3e3b77034a97827b39e69ffa5c2b8d16
SHA512
484591b8ec28713713617d0960e71e33067738fdb16f9f045c0018a00abb52d3f5f1466633ac979e1b091a5e5ce13bdf489e77925ef6fec02925ef9c64e1490a
SSDEEP
1536:erdi1Ir77zOH98Wj2gpngR+a9GtxO8nq78ct2PU7MXKSSxH5pcKaJnT7y2V:erfrzOH98ipgpkBT79
Behavioral task
behavioral1
Sample
87ed8c4d0624cb54f5cc4892e8a2c8ce_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
87ed8c4d0624cb54f5cc4892e8a2c8ce_JaffaCakes118.doc
Resource
win10v2004-20240426-en
Malware Config
Extracted
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory