112cfc5f00859b28bbbeee3f7175e0ea4c2139701e3279769d29b3a95c2c5217 | Triage

Sharing

General

Target

e92fd00aa2cb0855e9843741e5bf3229_JaffaCakes118
Size

36KB
Sample

240409-eqacfaec34
MD5

e92fd00aa2cb0855e9843741e5bf3229
SHA1

bbace7bd1bf5e5566c7de70aae70dd888c2ee836
SHA256

112cfc5f00859b28bbbeee3f7175e0ea4c2139701e3279769d29b3a95c2c5217
SHA512

f785a3d1a6500d1a7bfada26b0f88ad92cb2368846fbb4f66ff96f89e0d3ec1429a77f0045026d4be15270566d96317df73c6fbf44b2785775a78fd5f124fdf7
SSDEEP

768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJg2LO8A1RGyyc:kok3hbdlylKsgqopeJBWhZFGkE+cL2NZ

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  e92fd00aa2cb0855e9843741e5bf3229_JaffaCakes118
- Size
  
  36KB
- MD5
  
  e92fd00aa2cb0855e9843741e5bf3229
- SHA1
  
  bbace7bd1bf5e5566c7de70aae70dd888c2ee836
- SHA256
  
  112cfc5f00859b28bbbeee3f7175e0ea4c2139701e3279769d29b3a95c2c5217
- SHA512
  
  f785a3d1a6500d1a7bfada26b0f88ad92cb2368846fbb4f66ff96f89e0d3ec1429a77f0045026d4be15270566d96317df73c6fbf44b2785775a78fd5f124fdf7
- SSDEEP
  
  768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJg2LO8A1RGyyc:kok3hbdlylKsgqopeJBWhZFGkE+cL2NZ
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2