General

  • Target

    f44ea0b7e1beca02370c8aa2d20000f6_JaffaCakes118

  • Size

    141KB

  • Sample

    240416-zqn6tadh9t

  • MD5

    f44ea0b7e1beca02370c8aa2d20000f6

  • SHA1

    e22c0471b5ca2e43f3733524dfa384dad35160fa

  • SHA256

    d6dcc0a6e5a7a3985fab975e4da5a1cc4ca904f68556dd98b062430d53426bea

  • SHA512

    cdd8cdc169109c53cf07392f8d5d080af80a78c308120a2d12245b9b9c97cb6b92e99989b43824949ace28fcede4eb5d0dc521dbaa0beb06d410caea8f3dc8e6

  • SSDEEP

    3072:oUJcd05FjZIQuPZ1y/7wMi63LD6z2qoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaat:oiFNaCE967MoaaaaaaaaaaaaaaaaaaaU

Score
10/10

Malware Config

Targets

    (same sample as the General section above: f44ea0b7e1beca02370c8aa2d20000f6_JaffaCakes118, 141KB, SHA256 d6dcc0a6e5a7a3985fab975e4da5a1cc4ca904f68556dd98b062430d53426bea)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic / Technique (ID) / number of matches

Defense Evasion

  • Modify Registry (T1112): 2
  • Subvert Trust Controls (T1553): 1
    • Install Root Certificate (T1553.004): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks