Overview

overview

10

Static

static

8

f80b185f88...8.xlsm

windows7-x64

10

f80b185f88...8.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f80b185f8844664f6071c813ad623097_JaffaCakes118

  • Size

    325KB

  • Sample

    240418-p8epzseh5y

  • MD5

    f80b185f8844664f6071c813ad623097

  • SHA1

    1438faec51d306c6d6024384bb84f5f609f7049b

  • SHA256

    31415ef547867e465d423fcd698cd382db737efeb95356f6a1c06ca8a0f88549

  • SHA512

    0738c38a2264d445598e5bd94c8c4d4ce6f5b3eab9cc40aa8f9327f5fd91e90e546d73810433614954d5d733f98054dbfde1e39cc42f51c2ef7308d19960c4d4

  • SSDEEP

    6144:QR9HMInvpPbR/5L4YvQ6bgcsEEmi+efMi0oGk9+bxrGc1wwefeSdxxD2QwxYrdW:QR9tRbtp4Wl8cnEQeNG7Vikw5flNixIW

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      f80b185f8844664f6071c813ad623097_JaffaCakes118

    • Size

      325KB

    • MD5

      f80b185f8844664f6071c813ad623097

    • SHA1

      1438faec51d306c6d6024384bb84f5f609f7049b

    • SHA256

      31415ef547867e465d423fcd698cd382db737efeb95356f6a1c06ca8a0f88549

    • SHA512

      0738c38a2264d445598e5bd94c8c4d4ce6f5b3eab9cc40aa8f9327f5fd91e90e546d73810433614954d5d733f98054dbfde1e39cc42f51c2ef7308d19960c4d4

    • SSDEEP

      6144:QR9HMInvpPbR/5L4YvQ6bgcsEEmi+efMi0oGk9+bxrGc1wwefeSdxxD2QwxYrdW:QR9tRbtp4Wl8cnEQeNG7Vikw5flNixIW

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks