b2d4134bcc1525b87dcaeb6730450726d2f0846e06d33893fc8e84b7367d318c

General

Target

fcf9de6af65858b0218dff53651275e6_JaffaCakes118
Size

247KB
Sample

240420-rw53hsaf82
MD5

fcf9de6af65858b0218dff53651275e6
SHA1

9172af187c13029aa3c96b93f99b6a3eafe57ec5
SHA256

b2d4134bcc1525b87dcaeb6730450726d2f0846e06d33893fc8e84b7367d318c
SHA512

4690e71724206d0723e15fd5282c5884b4d64a67f95dc662160fd693267b557908ad98a1181085f47a7e2e33251448d9ce6b95a1cc55c4b5abe1608fbd0be4de
SSDEEP

6144:5Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dg59jWvcZZdtjq15OD7IvOEPD0lgvS3enw7C:U9jFrjmkD7IvLDK3vLvfn1+2Q

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://samtnpy.org/bveCGKTX/ghb.html

xlm40.dropper

https://massngo.org/dXKvyKV9v8c/ghb.html

xlm40.dropper

https://vathiriyar.org/uy0Tk0keJUr/ghb.html

Targets

- Target
  
  fcf9de6af65858b0218dff53651275e6_JaffaCakes118
- Size
  
  247KB
- MD5
  
  fcf9de6af65858b0218dff53651275e6
- SHA1
  
  9172af187c13029aa3c96b93f99b6a3eafe57ec5
- SHA256
  
  b2d4134bcc1525b87dcaeb6730450726d2f0846e06d33893fc8e84b7367d318c
- SHA512
  
  4690e71724206d0723e15fd5282c5884b4d64a67f95dc662160fd693267b557908ad98a1181085f47a7e2e33251448d9ce6b95a1cc55c4b5abe1608fbd0be4de
- SSDEEP
  
  6144:5Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dg59jWvcZZdtjq15OD7IvOEPD0lgvS3enw7C:U9jFrjmkD7IvLDK3vLvfn1+2Q
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2