General
Target: 0bca9d9a4e10b794ac05375ebc19de86_JaffaCakes118
Size: 129KB
Sample: 240625-bvyn2stajd
MD5: 0bca9d9a4e10b794ac05375ebc19de86
SHA1: 43983f7c8b45057ec1d732586648f9ac515048f4
SHA256: 4cd16d4f199b5f619a377b3c260f8423a9e814cc680edad1505e4038fc38ddcc
SHA512: 9e1a3f4d842ea9c849dc7c345e29a6d760a6b4b48ab9d6efe7f8d2d694b7bf23431d57d97dbde18abe331d4565329f9cea6a1f6e4889c33ffa488a48da675d41
SSDEEP: 3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX
Behavioral task: behavioral1
Sample: 0bca9d9a4e10b794ac05375ebc19de86_JaffaCakes118.xls
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 0bca9d9a4e10b794ac05375ebc19de86_JaffaCakes118.xls
Resource: win10v2004-20240611-en
Malware Config
Extracted
http://190.14.37.165/45468.0615696759.dat
http://5.196.247.11/45468.0615696759.dat
http://188.119.113.3/45468.0615696759.dat
Extracted
http://190.14.37.165/45468.0616016204.dat
http://5.196.247.11/45468.0616016204.dat
http://188.119.113.3/45468.0616016204.dat
Targets
Target
0bca9d9a4e10b794ac05375ebc19de86_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.