40ff34663747af1284e5407f28c37c15979433c2873ed35c85fe5f90f8a4fc02 | Triage

Sharing

General

Target

f9d625d39d11c4508ce5306c419e0cc7_JaffaCakes118
Size

36KB
Sample

240419-jlj4asda9y
MD5

f9d625d39d11c4508ce5306c419e0cc7
SHA1

7c41c8e377142d9e7d1a1e14e172faea65175e23
SHA256

40ff34663747af1284e5407f28c37c15979433c2873ed35c85fe5f90f8a4fc02
SHA512

d3302bfd8ce2740baccfec1ce105b262b2532020a817a3524905e8cd848a64be7a9524b436ad39350226f5391dcca1acb970a7ef781f925505a6f03fb4e730ea
SSDEEP

768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJLvIo/3BVt6Sv7ps3O:Bok3hbdlylKsgqopeJBWhZFGkE+cL2Nq

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://syracuse.best/wp-data.php

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

- Target
  
  f9d625d39d11c4508ce5306c419e0cc7_JaffaCakes118
- Size
  
  36KB
- MD5
  
  f9d625d39d11c4508ce5306c419e0cc7
- SHA1
  
  7c41c8e377142d9e7d1a1e14e172faea65175e23
- SHA256
  
  40ff34663747af1284e5407f28c37c15979433c2873ed35c85fe5f90f8a4fc02
- SHA512
  
  d3302bfd8ce2740baccfec1ce105b262b2532020a817a3524905e8cd848a64be7a9524b436ad39350226f5391dcca1acb970a7ef781f925505a6f03fb4e730ea
- SSDEEP
  
  768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJLvIo/3BVt6Sv7ps3O:Bok3hbdlylKsgqopeJBWhZFGkE+cL2Nq
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2