General
-
Target
JaffaCakes118_9e47a652884094691905a8ebc39ccdd3
-
Size
113KB
-
Sample
250407-hs782astat
-
MD5
9e47a652884094691905a8ebc39ccdd3
-
SHA1
17b5b39402aabbdc86e8d14632f9a1fab00ad15f
-
SHA256
59d616655b03443df157ddd98fe5781f9cf2e95181765ed85a1dbac0bd473cbb
-
SHA512
cab17582c9eac6c1a745dd24f5c50c1a66b497b882e332abf3cd733a360d4003c8912a7e8c05dd14128becd6d5259b213c789f738e51a01184e32751e0d13079
-
SSDEEP
3072:0nbm7ZWxrg75BqFKNc2jcc0lbxOKAx2AJtXwKK:0nbGs2
Malware Config
Targets
-
-
Target
JaffaCakes118_9e47a652884094691905a8ebc39ccdd3
-
Size
113KB
-
MD5
9e47a652884094691905a8ebc39ccdd3
-
SHA1
17b5b39402aabbdc86e8d14632f9a1fab00ad15f
-
SHA256
59d616655b03443df157ddd98fe5781f9cf2e95181765ed85a1dbac0bd473cbb
-
SHA512
cab17582c9eac6c1a745dd24f5c50c1a66b497b882e332abf3cd733a360d4003c8912a7e8c05dd14128becd6d5259b213c789f738e51a01184e32751e0d13079
-
SSDEEP
3072:0nbm7ZWxrg75BqFKNc2jcc0lbxOKAx2AJtXwKK:0nbGs2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious Office macro
Office document equipped with 4.0 macros.
-
Deletes itself
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-