a5ba345cebee3bdb28b3ccff6c7fa8b6d2e0cf0a6fab021e22cc3bfe1d5362dd | Triage

Sharing

General

Target

a606ab4e458a535f77f41f8db616e485_JaffaCakes118
Size

11KB
Sample

240613-rtqvtasfqc
MD5

a606ab4e458a535f77f41f8db616e485
SHA1

b1e8aeda37cdd8859266a8c8d62572e4f7201cf4
SHA256

a5ba345cebee3bdb28b3ccff6c7fa8b6d2e0cf0a6fab021e22cc3bfe1d5362dd
SHA512

cc6995c5e04824393466a93135bf69b5f93c930c89498063be696efd1ef06568c4d0a7c6cfc08cf0ec67a82cf26d1a0f81e01519b9edcea5e37aa54e145934d6
SSDEEP

192:CtNCWUyn0i13pNXqkOcPiYFLwzvdX6Ptpwjnw+umHBCSfXVJ:aNxUyn0i13LROEiOLkX6Ujnw+39XVJ

Score

10^/10

websettings

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://shareallfilesthroughsecureexchangesystem.duckdns.org/doc/document_100201.doc

Targets

- Target
  
  a606ab4e458a535f77f41f8db616e485_JaffaCakes118
- Size
  
  11KB
- MD5
  
  a606ab4e458a535f77f41f8db616e485
- SHA1
  
  b1e8aeda37cdd8859266a8c8d62572e4f7201cf4
- SHA256
  
  a5ba345cebee3bdb28b3ccff6c7fa8b6d2e0cf0a6fab021e22cc3bfe1d5362dd
- SHA512
  
  cc6995c5e04824393466a93135bf69b5f93c930c89498063be696efd1ef06568c4d0a7c6cfc08cf0ec67a82cf26d1a0f81e01519b9edcea5e37aa54e145934d6
- SSDEEP
  
  192:CtNCWUyn0i13pNXqkOcPiYFLwzvdX6Ptpwjnw+umHBCSfXVJ:aNxUyn0i13LROEiOLkX6Ujnw+39XVJ
Score

7^/10
- Abuses OpenXML format to download file from external location
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2