Overview

overview

10

Static

static

8

fe0f5ae3b7...18.xls

windows7-x64

10

fe0f5ae3b7...18.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fe0f5ae3b710eec1e619608577db6799_JaffaCakes118

  • Size

    120KB

  • Sample

    240421-bc8rasef96

  • MD5

    fe0f5ae3b710eec1e619608577db6799

  • SHA1

    9dd9b0f059bc2ad4ee5f99ecf85646fc9387d8c7

  • SHA256

    50ade8417dbe90a185704054a83aae74d5bbf2c7cdb4de211b3a11a2990de207

  • SHA512

    1b3f12e2b565d654abc66d091c6eb2a1ff7b9d26eb88ac7068566363edd603fb7952f1eb76561ec6aaa86a3f69e5029f3bbd0157a5e15cbd0101bfdae7bdb557

  • SSDEEP

    3072:It1olbY7GpWoWVbrzQ7ITk932AJtXww5kjFB:It1olTG2

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      fe0f5ae3b710eec1e619608577db6799_JaffaCakes118

    • Size

      120KB

    • MD5

      fe0f5ae3b710eec1e619608577db6799

    • SHA1

      9dd9b0f059bc2ad4ee5f99ecf85646fc9387d8c7

    • SHA256

      50ade8417dbe90a185704054a83aae74d5bbf2c7cdb4de211b3a11a2990de207

    • SHA512

      1b3f12e2b565d654abc66d091c6eb2a1ff7b9d26eb88ac7068566363edd603fb7952f1eb76561ec6aaa86a3f69e5029f3bbd0157a5e15cbd0101bfdae7bdb557

    • SSDEEP

      3072:It1olbY7GpWoWVbrzQ7ITk932AJtXww5kjFB:It1olTG2

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks