42a9e52b0f5d2fe68d9fe714b81cc5933b770007937a0ba1351d064b6ac8c1c8 | Triage

Submit
Reports

Overview

overview

Static

static

1

f779414ba9...18.xls

windows7-x64

f779414ba9...18.xls

windows10-2004-x64

Sharing

General

Target

f779414ba9e74c0e910fe98324df4df2_JaffaCakes118
Size

469KB
Sample

240418-hgzgradg73
MD5

f779414ba9e74c0e910fe98324df4df2
SHA1

23f0f4bf94826bf13a0d4d1572c677d497535fbc
SHA256

42a9e52b0f5d2fe68d9fe714b81cc5933b770007937a0ba1351d064b6ac8c1c8
SHA512

f0936ffb79090a48d992c2a03dfac50a4462256b54e381dc4629b44ffbd5a8cc63f41153bf5dd266c631395b0e1156bdc3147780fd34bf4b650e2f499291bc53
SSDEEP

6144:t9qmuF5g70IS6NQzZ5E+4VsPrFt3CBCT0rAZlCufjGg093NlvJsOn5f:RO5s0ID7CPr0C+WgufCgyvOOn5f

Score

10^/10

evasion macro macro_on_action persistence xlm

Static task

static1

Behavioral task

behavioral1

Sample

f779414ba9e74c0e910fe98324df4df2_JaffaCakes118.xls

Resource

win7-20240221-en

evasion macro macro_on_action persistence xlm

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f779414ba9e74c0e910fe98324df4df2_JaffaCakes118.xls

Resource

win10v2004-20240412-en

evasion macro macro_on_action persistence xlm

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f779414ba9e74c0e910fe98324df4df2_JaffaCakes118
- Size
  
  469KB
- MD5
  
  f779414ba9e74c0e910fe98324df4df2
- SHA1
  
  23f0f4bf94826bf13a0d4d1572c677d497535fbc
- SHA256
  
  42a9e52b0f5d2fe68d9fe714b81cc5933b770007937a0ba1351d064b6ac8c1c8
- SHA512
  
  f0936ffb79090a48d992c2a03dfac50a4462256b54e381dc4629b44ffbd5a8cc63f41153bf5dd266c631395b0e1156bdc3147780fd34bf4b650e2f499291bc53
- SSDEEP
  
  6144:t9qmuF5g70IS6NQzZ5E+4VsPrFt3CBCT0rAZlCufjGg093NlvJsOn5f:RO5s0ID7CPr0C+WgufCgyvOOn5f
Score

10^/10

evasion macro macro_on_action persistence xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionmacromacro_on_actionpersistencexlm

behavioral2

evasionmacromacro_on_actionpersistencexlm

© 2018-2024

Terms | Privacy