General
-
Target
8cf2b7cce1627f7bd2ad82acd28e7a8b_JaffaCakes118
-
Size
471KB
-
Sample
240602-fk53lacd38
-
MD5
8cf2b7cce1627f7bd2ad82acd28e7a8b
-
SHA1
aec23aa55dcbddc448feeae60151eb779543462f
-
SHA256
5f27f1b36393f4bb01d4367b2dad234ac11a033ec6a48e2b50975507ceab8027
-
SHA512
102b7f2b951216c4a1c37881bc4c6344090b016cfb2097067120c07bbabfa3623a02eac3425fac7e1e3bfb774c018b9f6b5244b50f24a4212f6042ef0a5e95f2
-
SSDEEP
6144:BuQUQNrSA3hifBq7JwMzSVIhl9EKRDqME4yanMjdn/NQVg+D3Do8oRtxQwvVAJTj:BzUvA3hfw8SVIf51E4K14o8IuJ
Static task
static1
Behavioral task
behavioral1
Sample
8cf2b7cce1627f7bd2ad82acd28e7a8b_JaffaCakes118.doc
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
8cf2b7cce1627f7bd2ad82acd28e7a8b_JaffaCakes118.doc
Resource
win10v2004-20240226-en
Malware Config
Extracted
http://shashlichnydom.ru/NbEDRSsyiy_Rl2
http://wolf.camera/jkeU0iK6Mf8v_dy0Ad
http://www.marekvoprsal.cz/s1yTiin0l_AUP
http://www.eufacopublicidade.com.br/ULxnLcrzzz4E
http://londonmarathon2019.kevinmiller66.co.uk/9bT6FbyqID9O9B
Targets
-
-
Target
8cf2b7cce1627f7bd2ad82acd28e7a8b_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-