General
Target: e6ab9a446b83f844455158ae671c1977_JaffaCakes118
Size: 183KB
Sample: 240917-m2qskazaqp
MD5: e6ab9a446b83f844455158ae671c1977
SHA1: 8d871c28578b49a13304ee9a3d6490425e30a91e
SHA256: 6da70e0246338ef86cc0dd0e60504127ec28ccf40607ae2c3b78d62c6a91ea5c
SHA512: e04084b56726fa10a286ce6fbe9b91f654d72d886c4ad85da5e604e1729ffb2c0ea5b9ac80aad92002949ff03674bb00583b272d0c1142e51846958f023f59b9
SSDEEP: 3072:s77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qPVxuXKc29HzPBx4Pr1yL+xLtNX:s77HUUUUUUUUUUUUUUUUUUUT52VWcXKq
Behavioral task: behavioral1
Sample: e6ab9a446b83f844455158ae671c1977_JaffaCakes118.doc
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: e6ab9a446b83f844455158ae671c1977_JaffaCakes118.doc
Resource: win10v2004-20240802-en
Malware Config
Extracted
Targets
Target: e6ab9a446b83f844455158ae671c1977_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory