General
-
Target
9dde617fbec0417339ab2bfe4ccc3af8_JaffaCakes118
-
Size
857KB
-
Sample
240611-mh2qqatcrf
-
MD5
9dde617fbec0417339ab2bfe4ccc3af8
-
SHA1
8b2ee2277b339c23e48c3aa93a570e8932aa6160
-
SHA256
a841cd61602019eeb2af295482f83c89032aa25c59457a83a1a3f2c275961989
-
SHA512
d0538086f3a1e676a442bd0518e1eec3367bd4f5c5e92b8e104ee3811336fc186ace34c8eaf3b113353609ffc1855005a075f5b188454652f442dc61234c83f8
-
SSDEEP
24576:FNjlDxKqaS4LQHn5r1Yb8bdt/EtOc+xuNjll:m
Static task
static1
Behavioral task
behavioral1
Sample
9dde617fbec0417339ab2bfe4ccc3af8_JaffaCakes118.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9dde617fbec0417339ab2bfe4ccc3af8_JaffaCakes118.rtf
Resource
win10v2004-20240508-en
Malware Config
Extracted
formbook
3.8
ch49
Targets
-
-
Target
9dde617fbec0417339ab2bfe4ccc3af8_JaffaCakes118
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Formbook payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-