Overview

overview

10

Static

static

8

65b433392c...18.xls

windows7-x64

10

65b433392c...18.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65b433392c856bcf8457f4f25a3c9228_JaffaCakes118

  • Size

    36KB

  • Sample

    240723-cdrd3s1gqp

  • MD5

    65b433392c856bcf8457f4f25a3c9228

  • SHA1

    94941ac6d7d0dda8404d2f2c44e2e99269cfb1c1

  • SHA256

    9084aca9c6c96722be49e439d8082661714c9ab504304bdfe5d8096ce9e3eb6c

  • SHA512

    5885fcc6b71fd10028aa90307375389226ea9b69c98f5d42524ddf0a2138bf536fa4d8525f61843d7c21843a9d81f75aa35a6c98ce5ca4ed3d78a78938589517

  • SSDEEP

    768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJI/RS1a8khCsgzTSpwq1:Bok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php
xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      65b433392c856bcf8457f4f25a3c9228_JaffaCakes118

    • Size

      36KB

    • MD5

      65b433392c856bcf8457f4f25a3c9228

    • SHA1

      94941ac6d7d0dda8404d2f2c44e2e99269cfb1c1

    • SHA256

      9084aca9c6c96722be49e439d8082661714c9ab504304bdfe5d8096ce9e3eb6c

    • SHA512

      5885fcc6b71fd10028aa90307375389226ea9b69c98f5d42524ddf0a2138bf536fa4d8525f61843d7c21843a9d81f75aa35a6c98ce5ca4ed3d78a78938589517

    • SSDEEP

      768:JPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJI/RS1a8khCsgzTSpwq1:Bok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks