ad70a8559feac15561f4085b308c7b990ebe14017936c187341fe210e4666030 | Triage

Sharing

General

Target

d9dd4303ff2775177dbb700605beed2a_JaffaCakes118
Size

104KB
Sample

241209-qtv9vsyraw
MD5

d9dd4303ff2775177dbb700605beed2a
SHA1

972fa6de501750c22a08ece65c48c4bfc789d935
SHA256

ad70a8559feac15561f4085b308c7b990ebe14017936c187341fe210e4666030
SHA512

cc38fd016d07c9ebc15298e16c51b7966bff1b521d19fc68413b4956d36a81f4b794d3f23d3e5e6b7e552b0920852406217f28c5253de7ababbbff2f0f96b815
SSDEEP

1536:0WWWWSJ4kkXZh+lCi4szenWVbrzQ7oVCkTkR62lXXxeXcJtXwodM2M/MylFd2:gGsWVbrzQ7oV9Tk95wMJtXwl5ked2

Score

10^/10

defense_evasion discovery macro xlm

Malware Config

Targets

- Target
  
  d9dd4303ff2775177dbb700605beed2a_JaffaCakes118
- Size
  
  104KB
- MD5
  
  d9dd4303ff2775177dbb700605beed2a
- SHA1
  
  972fa6de501750c22a08ece65c48c4bfc789d935
- SHA256
  
  ad70a8559feac15561f4085b308c7b990ebe14017936c187341fe210e4666030
- SHA512
  
  cc38fd016d07c9ebc15298e16c51b7966bff1b521d19fc68413b4956d36a81f4b794d3f23d3e5e6b7e552b0920852406217f28c5253de7ababbbff2f0f96b815
- SSDEEP
  
  1536:0WWWWSJ4kkXZh+lCi4szenWVbrzQ7oVCkTkR62lXXxeXcJtXwodM2M/MylFd2:gGsWVbrzQ7oV9Tk95wMJtXwl5ked2
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasionmacroxlm