6e8d0c4d192be8126d023e06e646683a9d754cdf2018ba0c79785530e2fec6c5 | Triage

Sharing

General

Target

ecaca7e7b5b9603abc76a5c04eb5c9f2_JaffaCakes118
Size

50KB
Sample

240920-c2sl2sthnb
MD5

ecaca7e7b5b9603abc76a5c04eb5c9f2
SHA1

ee130bcaae46b2e98dd3f8d38cbdf2ee05f87e77
SHA256

6e8d0c4d192be8126d023e06e646683a9d754cdf2018ba0c79785530e2fec6c5
SHA512

e59d71f50ce774c2a6b6c5679e9bffe18dbf44cc892276b15f7bb826c2b1f0b53fc79c32487928a62e78cf55b244d41a4662513d2892748fece03c13365fa3a8
SSDEEP

1536:+/7uDphYHceXVhca+fMHLtyeGxcl8/dgbD6yzsF6BCKXrSA+Ql:+/7uDphYHceXVhca+fMHLtyeGxcl8/dU

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://exploshot.com/24.gif

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://exploshot.com/24.gif

Targets

- Target
  
  ecaca7e7b5b9603abc76a5c04eb5c9f2_JaffaCakes118
- Size
  
  50KB
- MD5
  
  ecaca7e7b5b9603abc76a5c04eb5c9f2
- SHA1
  
  ee130bcaae46b2e98dd3f8d38cbdf2ee05f87e77
- SHA256
  
  6e8d0c4d192be8126d023e06e646683a9d754cdf2018ba0c79785530e2fec6c5
- SHA512
  
  e59d71f50ce774c2a6b6c5679e9bffe18dbf44cc892276b15f7bb826c2b1f0b53fc79c32487928a62e78cf55b244d41a4662513d2892748fece03c13365fa3a8
- SSDEEP
  
  1536:+/7uDphYHceXVhca+fMHLtyeGxcl8/dgbD6yzsF6BCKXrSA+Ql:+/7uDphYHceXVhca+fMHLtyeGxcl8/dU
Score

10^/10

discovery
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2