General

  • Target

    0d0b66217eb8cf8e17754331f77c67ec_JaffaCakes118

  • Size

    170KB

  • Sample

    241003-ahnsmsvajl

  • MD5

    0d0b66217eb8cf8e17754331f77c67ec

  • SHA1

    6064b05c7c7117032250818e55985432406b9a22

  • SHA256

    716dec13d238ab64c0caa1951164596460e6981992224a2d67d654eea7e651da

  • SHA512

    cf8de7cc230b02f2861b7a8142d95fc54ba3b9eccbe9989a551a857f8113d27383a3fd5e5dbb5b982460a9a472819e12ffd92d9fc0f80833ab44ccff32f51388

  • SSDEEP

    3072:bz6E7DlCN0/mxYjmUxj6dpf7akpXCBxalMX+A5yrkdWPIB6zsleX/qBUbOl4/SpP:bzODakKAzI

Targets

    • Target

      0d0b66217eb8cf8e17754331f77c67ec_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
