Overview

overview

10

Static

static

8

f76b416ff4...8.xlsb

windows7-x64

10

f76b416ff4...8.xlsb

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f76b416ff446c5a252b3c82e7bb3a181_JaffaCakes118

  • Size

    345KB

  • Sample

    240418-gvrtdsef2x

  • MD5

    f76b416ff446c5a252b3c82e7bb3a181

  • SHA1

    75fb5fa0c5e84187ed024e90b6148557cc9dd2f2

  • SHA256

    e8b85e89495f9bf9f9b1ac4cd123155375972772a0fc899c584c226525ecfb5c

  • SHA512

    45549a981f139a691c5d21888aa16aae1c45f902b1b5cdf199a0ed66c563b36a75c8f4354bd0295632c82f8f8674b5ad46304da4e8742e590bd373a1af0dd201

  • SSDEEP

    6144:oro8Xs602LohOGYw6CC5jTT453mjEIbWiGVAKSLFN+YInSCRvuPsxNj:co8XLrL2OGY/TTy2jEIJc6FNu3uPmNj

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      f76b416ff446c5a252b3c82e7bb3a181_JaffaCakes118

    • Size

      345KB

    • MD5

      f76b416ff446c5a252b3c82e7bb3a181

    • SHA1

      75fb5fa0c5e84187ed024e90b6148557cc9dd2f2

    • SHA256

      e8b85e89495f9bf9f9b1ac4cd123155375972772a0fc899c584c226525ecfb5c

    • SHA512

      45549a981f139a691c5d21888aa16aae1c45f902b1b5cdf199a0ed66c563b36a75c8f4354bd0295632c82f8f8674b5ad46304da4e8742e590bd373a1af0dd201

    • SSDEEP

      6144:oro8Xs602LohOGYw6CC5jTT453mjEIbWiGVAKSLFN+YInSCRvuPsxNj:co8XLrL2OGY/TTy2jEIJc6FNu3uPmNj

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks