e3462d258f0247f1db6b618620f570208c9fafbfdf79aa51358ad140a4adbf84 | Triage

Sharing

General

Target

b9cb5b440d5d408e27c4685f50c5aa17_JaffaCakes118
Size

258KB
Sample

240823-bmzalsxgla
MD5

b9cb5b440d5d408e27c4685f50c5aa17
SHA1

19a2a767171cb7c6609f150e8c86456fa2bba9ec
SHA256

e3462d258f0247f1db6b618620f570208c9fafbfdf79aa51358ad140a4adbf84
SHA512

472db388bebf745cc30f41196a81c2b6a93f6845ec6b07170515cff8d81a2e6007639bcf725b29698f96033738961b4ba70abf395fcf9c2d0dc57e0daf4edd3a
SSDEEP

6144:Jk3hbdlylKsgqopeJBWhZFVE+W2NdANWIIrepCVs1jrRex1CbDR1exbn:0jepC0jFevaRspn

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ochko123.net/xls_c.php

Targets

- Target
  
  b9cb5b440d5d408e27c4685f50c5aa17_JaffaCakes118
- Size
  
  258KB
- MD5
  
  b9cb5b440d5d408e27c4685f50c5aa17
- SHA1
  
  19a2a767171cb7c6609f150e8c86456fa2bba9ec
- SHA256
  
  e3462d258f0247f1db6b618620f570208c9fafbfdf79aa51358ad140a4adbf84
- SHA512
  
  472db388bebf745cc30f41196a81c2b6a93f6845ec6b07170515cff8d81a2e6007639bcf725b29698f96033738961b4ba70abf395fcf9c2d0dc57e0daf4edd3a
- SSDEEP
  
  6144:Jk3hbdlylKsgqopeJBWhZFVE+W2NdANWIIrepCVs1jrRex1CbDR1exbn:0jepC0jFevaRspn
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2