General
-
Target
ebea1eca7bfe118cbdbfa26e308733fa_JaffaCakes118
-
Size
173KB
-
Sample
240919-wskpmasekf
-
MD5
ebea1eca7bfe118cbdbfa26e308733fa
-
SHA1
d16165438718f0f24b55e31e15bccbee4ffbe5ab
-
SHA256
b38d528441ae53b3ee333f8a7b335e5f9b9093086cd3072c649eb570aeb430da
-
SHA512
77eeced3e564ddfce967a064821b515d0a10d7aaa4d3f72c0e9f83219dda2f8fbbf1b033e3c5f54cf5a3144884b75c50b96a5ff48181bbc29260abaa8bc551f9
-
SSDEEP
1536:erdi1Ir77zOH98Wj2gpngR+a97txO8nq78ct2PU7MXKSSxH5pcKaJnW7y2H:erfrzOH98ipg6kBW7/
Behavioral task
behavioral1
Sample
ebea1eca7bfe118cbdbfa26e308733fa_JaffaCakes118.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ebea1eca7bfe118cbdbfa26e308733fa_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
ebea1eca7bfe118cbdbfa26e308733fa_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-