84c877324d21c0bea9ebe23c2172733fc6d6966f65c56b07885bdfef99c9d502

General

Target

405423424e9bc8ee54d7d4ae9d07f9cb_JaffaCakes118
Size

118KB
Sample

241013-rnq9dsvhml
MD5

405423424e9bc8ee54d7d4ae9d07f9cb
SHA1

7f875400026f183570d30252cd742ee9330c9713
SHA256

84c877324d21c0bea9ebe23c2172733fc6d6966f65c56b07885bdfef99c9d502
SHA512

fa37204d0126a5c3407b6cdefbfb0293763d195dc5c6b78c5fae1fc4b652020435675ad1faa4befe144027427a54b98faca557795642cc3f81bb1b7146dffc95
SSDEEP

3072:pUvc5pHmQjmRqHjPqBvJO/amA+RIWZEF397W/2TgO1CugwT:/59ROcsD+RXiF97ZQ5Q

Score

10^/10

Malware Config

Targets

- Target
  
  11.20计划分配/11.20.水泥经营紧急计划.xls
- Size
  
  112KB
- MD5
  
  d58f5ab81cc4b60a3eacf693d36c8139
- SHA1
  
  ff244ff4f4450177c93286777aefd0735e0bde8e
- SHA256
  
  adb37be1aee1a2604e07870bd40723c006df2682d27ec018d1157b153101f189
- SHA512
  
  0cd546a877188003bba8d07c221fd7a052b9ffb1461950194ef8edf3d0ac944faa1f2b422672da256e5a855d9e8c90262d896190a6e8714c0b17aa97f6b4e1b1
- SSDEEP
  
  3072:oj1gxv7yZmspH7+cclKisPI4ukoRWGN8WVbrzQ77TkPHeNyJtXw80ek0:q1gxv7yZmspH7+cclKisPI4ukoRWGNXL
Score

10^/10

defense_evasion discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2
- Target
  
  11.20计划分配/11.20.锦源经营紧急计划2.xls
- Size
  
  118KB
- MD5
  
  fb096d1f5740c59a54a9d5d9c5b9365c
- SHA1
  
  9377e1f3c5fe67b4929a5da31ddc087b0e162d24
- SHA256
  
  7e674b6e7a1afc1c9990f9767e0377db5c3437e89d409f1203ea4adfbef94602
- SHA512
  
  47c82d35794c3b4768c1c444c719f424aa7d118dcdf24ee3b2a645caff0d55f65a075a718e787e673aa4c96850081d7b93251973a3ac606ad86ce9392e0fa1d8
- SSDEEP
  
  3072:BK1gxv7yZmspH7+cclKisPI4ukoRWGNyahUDwM3ZMiojWVbrzQ7vTkPifoJtXwfY:c1gxv7yZmspH7+cclKisPI4ukoRWGNyK
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral3 behavioral4
- Target
  
  11.20计划分配/11.20锦源经营紧急计划1.xls
- Size
  
  111KB
- MD5
  
  76f97f2d0f40e760f007611a849e2302
- SHA1
  
  710f270703a04f259a87746d3b46cb39be54d9f4
- SHA256
  
  5da678b4d80ff78fb8617b4a72ac9ae5aa5398a11f2a6321acd9279cb826e0b3
- SHA512
  
  a47f124d1eb68ed7f83451407f10d64d93ec4862a8c102eee78ef2b2b4244b6cfaab7f42573c454a63f407c64c34ff825350d71605f5af07a45e9c67c4608157
- SSDEEP
  
  3072:Km1gxv7yZmspH7+cclKisQ6NqTBun5o6WVbrzQ7MTkP7foJtXwf7ektW:B1gxv7yZmspH7+cclKisQ6NqTBun5oPs
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral5 behavioral6