General

  • Target

    fadd22bf47bd1d1323d2eee65d469429_JaffaCakes118

  • Size

    320KB

  • Sample

    240419-wlpd8scb6w

  • MD5

    fadd22bf47bd1d1323d2eee65d469429

  • SHA1

    dd61e188a11a7c9addf97ca12ccdfcf45064297d

  • SHA256

    34b7091e57e91881530b0fee7a73e9cbcbfb32acffab0edfe1ef6f617b9b298a

  • SHA512

    5b4fb33ff54ab33caa802e2064ef96ccf7d4f956c25bae61a95aaa714a565d43a9ccaee74f5337b10ea9739663af98b500dae075e1bcb0b66ef7062822511995

  • SSDEEP

    6144:oiLGOsHTiidXO/J6t/VYfASkKTzZYwPMPFde/Qxx2u+OA+NT5Ad:sTi8X7ifASkKTzSwkPFduQx0uD+d

Score
10/10

Targets

    • Target

      fadd22bf47bd1d1323d2eee65d469429_JaffaCakes118

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Modify Registry (T1112): 2

  • Subvert Trust Controls (T1553): 1

  • Install Root Certificate (T1553.004): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
