Overview

overview

10

Static

static

8

ff3de89f9e...8.xlsb

windows7-x64

10

ff3de89f9e...8.xlsb

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff3de89f9e606b48bf73980e98d6427b_JaffaCakes118

  • Size

    369KB

  • Sample

    240421-pb2hgsbc81

  • MD5

    ff3de89f9e606b48bf73980e98d6427b

  • SHA1

    fb6d7596e27d8d4df006e9d4b53e709f6d419950

  • SHA256

    5d3c9aebb0cae9d71e339df6dda52da6679ea1b95090eb51c66032f93516e800

  • SHA512

    da9dd5c165a001ed79c47ce3f57d7bfe1fb2d7f4990f7470baa166575482ff07b204e047c24421c0ad4510b538c8f588e00c7840cd022e3ef6186e5831c32206

  • SSDEEP

    6144:or3f/jgJ6MH+Z0VYOH3R+Md2LohOGYw6CC5jTT453mjEIbWiGVAKSLFN+YInSCRF:kf/c8kxek3YM8L2OGY/TTy2jEIJc6FNg

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ff3de89f9e606b48bf73980e98d6427b_JaffaCakes118

    • Size

      369KB

    • MD5

      ff3de89f9e606b48bf73980e98d6427b

    • SHA1

      fb6d7596e27d8d4df006e9d4b53e709f6d419950

    • SHA256

      5d3c9aebb0cae9d71e339df6dda52da6679ea1b95090eb51c66032f93516e800

    • SHA512

      da9dd5c165a001ed79c47ce3f57d7bfe1fb2d7f4990f7470baa166575482ff07b204e047c24421c0ad4510b538c8f588e00c7840cd022e3ef6186e5831c32206

    • SSDEEP

      6144:or3f/jgJ6MH+Z0VYOH3R+Md2LohOGYw6CC5jTT453mjEIbWiGVAKSLFN+YInSCRF:kf/c8kxek3YM8L2OGY/TTy2jEIJc6FNg

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks