General
-
Target
eed673967d82297ad7d1a265338a70df_JaffaCakes118
-
Size
130KB
-
Sample
240921-b5zdbszbpq
-
MD5
eed673967d82297ad7d1a265338a70df
-
SHA1
f3405392dcb05947c2f42a281c5d19572d50b1a9
-
SHA256
d7123a4f3fae3b4fa986bc7419dd59c1da51e971a9f6a007a637a5da03bf8485
-
SHA512
c4e7020506ff002afceb1b277da790c681036ac60733dc9f0aab9b1f0973caf95e252d66bb7dc050c7625abce9063c6ce8936f43bd273c94532f4406828c2244
-
SSDEEP
1536:8KSDRD3bNqfNpu39IId5a6XP3Mg8afCqFANmmGdJxnX3:sR1qf69xak3MgxCCammYrnX3
Static task
static1
Behavioral task
behavioral1
Sample
eed673967d82297ad7d1a265338a70df_JaffaCakes118.doc
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
eed673967d82297ad7d1a265338a70df_JaffaCakes118.doc
Resource
win10v2004-20240802-en
Malware Config
Extracted
Targets
-
-
Target
eed673967d82297ad7d1a265338a70df_JaffaCakes118
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-