General

Target: a11aeae518c4f973a085343f6db0f427_JaffaCakes118
Size: 570KB
Sample: 240612-skelvstcjm
MD5: a11aeae518c4f973a085343f6db0f427
SHA1: d5b490547a2c1d4de3f3bf46f5e24bce297dbcbe
SHA256: ecaef4eb68c7360125a6d7855c080a40ce476bbd06a12afc4c323b7c9f0c1cde
SHA512: 4dbc8d6c343d92266fe5476c474f2f695b50b9d140558ac53d6789e50cd8c08e5398b07fd4cb200070370acb2171b163845d6e96b482a3da81c2d28f6cede82c
SSDEEP: 6144:TEef7z5GQca1M6Set4c46pfsBIx1yTVoxQJ7yydZC+hB24747IigIK2i74pBdX3X:Tp35GarG/ux1Jxq7yydZCdpjnB1ES
Static task: static1

Behavioral task: behavioral1
Sample: a11aeae518c4f973a085343f6db0f427_JaffaCakes118.rtf
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: a11aeae518c4f973a085343f6db0f427_JaffaCakes118.rtf
Resource: win10v2004-20240508-en
Malware Config

Extracted: http://urlz.fr/6zHm

Extracted: formbook
Version: 3.8
Campaign: h17
Targets

Target: a11aeae518c4f973a085343f6db0f427_JaffaCakes118
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext