74423c8236cd5057af8e4ffbf84fdcbb34f5e6dc8f8dc0520c685c7fd6bc100a | Triage

Sharing

General

Target

ad9550ee6ece8322501ed92d374d3928_JaffaCakes118
Size

165KB
Sample

240820-c6ntnatdql
MD5

ad9550ee6ece8322501ed92d374d3928
SHA1

d0617e5cb90b4db4fcf2269ffd8228b9ca4f89af
SHA256

74423c8236cd5057af8e4ffbf84fdcbb34f5e6dc8f8dc0520c685c7fd6bc100a
SHA512

531ab2de644449e17e4f6d4a708f98a89bd6ac972b0bc6ed6b725205e5a0412ef6b0dfa9bdb422f6732c5396b8d0c82783c88c3727496488c71cb960b25d2f0b
SSDEEP

3072:bScKoSsxzNDZLDZjlbR868O8KlVH3jiKq7uDphYHceXVhca+fMHLtyeGxcl8OUMj:OcKoSsxzNDZLDZjlbR868O8KlVH3jiK+

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.chipmania.it/mails/open.php

Targets

- Target
  
  ad9550ee6ece8322501ed92d374d3928_JaffaCakes118
- Size
  
  165KB
- MD5
  
  ad9550ee6ece8322501ed92d374d3928
- SHA1
  
  d0617e5cb90b4db4fcf2269ffd8228b9ca4f89af
- SHA256
  
  74423c8236cd5057af8e4ffbf84fdcbb34f5e6dc8f8dc0520c685c7fd6bc100a
- SHA512
  
  531ab2de644449e17e4f6d4a708f98a89bd6ac972b0bc6ed6b725205e5a0412ef6b0dfa9bdb422f6732c5396b8d0c82783c88c3727496488c71cb960b25d2f0b
- SSDEEP
  
  3072:bScKoSsxzNDZLDZjlbR868O8KlVH3jiKq7uDphYHceXVhca+fMHLtyeGxcl8OUMj:OcKoSsxzNDZLDZjlbR868O8KlVH3jiK+
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2