General
-
Target
1f4a448f535f2a3657dfef39beb4a662_JaffaCakes118
-
Size
129KB
-
Sample
240702-pea5ps1fpg
-
MD5
1f4a448f535f2a3657dfef39beb4a662
-
SHA1
3469b525c73b66fab130abceb11f23eb53723b88
-
SHA256
0a8b0b423e864ae0c19cbe56b135d804b91516bb9b633d889c315c757bfd3930
-
SHA512
5e2d670ce62bb21ca703a24daeaa67094d759ee514ccf5306ea1f0e8db08b7d5eb232a657cecfac8560c67c77cab16fe078e836b0a762f44ed7d73b61e0996a0
-
SSDEEP
3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX
Behavioral task
behavioral1
Sample
1f4a448f535f2a3657dfef39beb4a662_JaffaCakes118.xls
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1f4a448f535f2a3657dfef39beb4a662_JaffaCakes118.xls
Resource
win10v2004-20240611-en
Malware Config
Extracted
http://190.14.37.165/45475.5098122685.dat
http://5.196.247.11/45475.5098122685.dat
http://188.119.113.3/45475.5098122685.dat
Extracted
http://190.14.37.165/45475.5098185185.dat
http://5.196.247.11/45475.5098185185.dat
http://188.119.113.3/45475.5098185185.dat
Targets
-
-
Target
1f4a448f535f2a3657dfef39beb4a662_JaffaCakes118
-
Size
129KB
-
MD5
1f4a448f535f2a3657dfef39beb4a662
-
SHA1
3469b525c73b66fab130abceb11f23eb53723b88
-
SHA256
0a8b0b423e864ae0c19cbe56b135d804b91516bb9b633d889c315c757bfd3930
-
SHA512
5e2d670ce62bb21ca703a24daeaa67094d759ee514ccf5306ea1f0e8db08b7d5eb232a657cecfac8560c67c77cab16fe078e836b0a762f44ed7d73b61e0996a0
-
SSDEEP
3072:Sk3hOdsylKlgxopeiBNhZFGzE+cL2kdAxc6YehWfGdtUHKGDbpmsii/+u6ssC06+:Sk3hOdsylKlgxopeiBNhZF+E+W2kdAxX
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-