2c57cdeb1938688244dcaf05544e47daef28a6cec2866a674df9b6a4ed45237a | Triage

Sharing

General

Target

afa78afb7e8f2f47d8fc0d308abfb0bb_JaffaCakes118
Size

26KB
Sample

240820-r7aqraxgqa
MD5

afa78afb7e8f2f47d8fc0d308abfb0bb
SHA1

1ef3a820447080a44f5bd96f7c94c9c8e6765d3c
SHA256

2c57cdeb1938688244dcaf05544e47daef28a6cec2866a674df9b6a4ed45237a
SHA512

ce160e93222bd5592c8f6c7ac666a734dee3f0c065721a886d6ae5492dbaf668ad48d0c2eafc0d57c93b46cb9ae53b9f3a74e5739ea8181e085ba8779ccd528a
SSDEEP

384:6d3gdaSUlM9z5BUSMUtiJ+gK+qD8qsuSvNtmPWbtqpq/9R9dhqujV6M:IIvxgAPh+kNSaPWp5VR9WI

Score

10^/10

discovery macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://en.ioho.me/u87o11.txt

Targets

- Target
  
  afa78afb7e8f2f47d8fc0d308abfb0bb_JaffaCakes118
- Size
  
  26KB
- MD5
  
  afa78afb7e8f2f47d8fc0d308abfb0bb
- SHA1
  
  1ef3a820447080a44f5bd96f7c94c9c8e6765d3c
- SHA256
  
  2c57cdeb1938688244dcaf05544e47daef28a6cec2866a674df9b6a4ed45237a
- SHA512
  
  ce160e93222bd5592c8f6c7ac666a734dee3f0c065721a886d6ae5492dbaf668ad48d0c2eafc0d57c93b46cb9ae53b9f3a74e5739ea8181e085ba8779ccd528a
- SSDEEP
  
  384:6d3gdaSUlM9z5BUSMUtiJ+gK+qD8qsuSvNtmPWbtqpq/9R9dhqujV6M:IIvxgAPh+kNSaPWp5VR9WI
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2