General
-
Target
bbaaca3df24ceb257d22854cac390f46_JaffaCakes118
-
Size
973KB
-
Sample
240618-ngr1kavhpm
-
MD5
bbaaca3df24ceb257d22854cac390f46
-
SHA1
42eabeb3ee7475b1a68babe2aa96118c6c3e6e1e
-
SHA256
5c7e88f3840237ba479019cc2c86421db7f695c13dfeffe7f2db121158e42d81
-
SHA512
abc5b31f99bd39862fa6adad60191bcb26f9fcfd72c12bb67dca62dc6064858ee67b4bc8498a2eaf629a820bb2528d0a8a534c3a2375735008c5c4f4223e041e
-
SSDEEP
24576:s4zQaPkDpZdKUUyUn6HaNpKwD0gpV6HwR:J
Static task
static1
Behavioral task
behavioral1
Sample
bbaaca3df24ceb257d22854cac390f46_JaffaCakes118.rtf
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
bbaaca3df24ceb257d22854cac390f46_JaffaCakes118.rtf
Resource
win10v2004-20240508-en
Malware Config
Extracted
formbook
3.8
xa
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-