d64a4bc5a53e92c3c103fc2fb2c36a4e87dee2eed0cf12f3a3ad8d9b1f921d1e | Triage

Sharing

General

Target

507ccafbc9a5a695fe24dda6bd3e22ef_JaffaCakes118
Size

375KB
Sample

240716-3as2lsvemp
MD5

507ccafbc9a5a695fe24dda6bd3e22ef
SHA1

c728a46c752984e40cd682dc9cbef00e517905d5
SHA256

d64a4bc5a53e92c3c103fc2fb2c36a4e87dee2eed0cf12f3a3ad8d9b1f921d1e
SHA512

2f6325065e41e3dc79f94448ab96f8af784a320a38d2f32dfb07873acad97aae1bf3aa5662731f2b1808030d4533dc473ba5a001c9ca69c347df08f7fe6857e5
SSDEEP

6144:T72PdFVk2fDw/gljuzasZ1Jxog5EXnSksMPIKRFkWns9groUKNrCdl48l3PinRVu:/2fVk2fDwu4ae2g2vsMfPnOgroHNrCdP

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://app.itmagf.com/ds/1702.gif

Targets

- Target
  
  document-2009388069.xls
- Size
  
  315KB
- MD5
  
  5b0b2913a724711bcf2f01821c93d205
- SHA1
  
  e64aac1ffe55d90519a489f4eb60b882ea34a10d
- SHA256
  
  facad0c1aeb04ece3d6f82cc217cc0a2c256db16bf648cd910d7675de4384178
- SHA512
  
  5141aa6b630de453aa95e929afef0d6159d1a063d86cad43a9f43ca73765da3c33a5261ae0023c30ad219b59bd5a5a8e76baef2425cbe7cd097167bdac8f18e8
- SSDEEP
  
  6144:VcKoSsxzNDZLDZjlbR868O8KlVH3l+cq7uDphYHceXVhca+fMHLty/xcl8OR4Pio:nWr0IRHM4p+3DavLhQS
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2