69fc38b246bdcb72d8bedf6990f9096b524fd508cd0fd02766c3429021d60868 | Triage

Sharing

General

Target

51ba9390e30aa7739516e817f10812cc_JaffaCakes118
Size

89KB
Sample

240717-gqaz3s1dpb
MD5

51ba9390e30aa7739516e817f10812cc
SHA1

4a0f56958a45748fc8e87ae88338985a218cf2d9
SHA256

69fc38b246bdcb72d8bedf6990f9096b524fd508cd0fd02766c3429021d60868
SHA512

bbc8428e0a08ad0c1a7ac6f78cf5814e979987e5fb3e430a823981b6442d3c9843b92d1b74fd3fd54e78bf2fccc75c9ac7e09fb0f899722edd8b9d809cdca208
SSDEEP

1536:fEcKoSsxz1PDZLDZjlbR868O8KlVH347uDphYHceXVhca+fMHLtyeGxcl8O9pTIE:fEcKoSsxzNDZLDZjlbR868O8KlVH347x

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://admin.ecrtechnologyperu.com/ds/1902.gif

Targets

- Target
  
  51ba9390e30aa7739516e817f10812cc_JaffaCakes118
- Size
  
  89KB
- MD5
  
  51ba9390e30aa7739516e817f10812cc
- SHA1
  
  4a0f56958a45748fc8e87ae88338985a218cf2d9
- SHA256
  
  69fc38b246bdcb72d8bedf6990f9096b524fd508cd0fd02766c3429021d60868
- SHA512
  
  bbc8428e0a08ad0c1a7ac6f78cf5814e979987e5fb3e430a823981b6442d3c9843b92d1b74fd3fd54e78bf2fccc75c9ac7e09fb0f899722edd8b9d809cdca208
- SSDEEP
  
  1536:fEcKoSsxz1PDZLDZjlbR868O8KlVH347uDphYHceXVhca+fMHLtyeGxcl8O9pTIE:fEcKoSsxzNDZLDZjlbR868O8KlVH347x
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2