e3579c554233c38ec4824e0f798742892335f81b954f7bb98992cda5bb928717 | Triage

Submit
Reports

Overview

overview

Static

static

8

dc2e12f5cb...18.xls

windows7-x64

dc2e12f5cb...18.xls

windows10-2004-x64

Sharing

General

Target

dc2e12f5cbaa6953bbaee98ef7651504_JaffaCakes118
Size

125KB
Sample

241210-aqyyks1rgm
MD5

dc2e12f5cbaa6953bbaee98ef7651504
SHA1

6550ed4a8fa0ed2f4aa5640f2f73c0bcadcc17a8
SHA256

e3579c554233c38ec4824e0f798742892335f81b954f7bb98992cda5bb928717
SHA512

61a6b5c24ffc21f5ba5d0c3e28dbd0e6ca4f94ae5171d4a4ee4c097ec42574d6104d176c9c4e9a5d0f525fbb9c39c65f90a7760d1440ecd697e95249bffe01ad
SSDEEP

1536:NXXXzUPaT3LehKpR0dYFZpWVbrzQ7ITkR62ldM88ScJtXwReM2M/MPIU:GaT36hS7WVbrzQ7ITk9EjhJtXwf5kQU

Score

10^/10

defense_evasion discovery macro xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc2e12f5cbaa6953bbaee98ef7651504_JaffaCakes118.xls

Resource

win7-20241010-en

defense_evasion discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc2e12f5cbaa6953bbaee98ef7651504_JaffaCakes118.xls

Resource

win10v2004-20241007-en

defense_evasion macro xlm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc2e12f5cbaa6953bbaee98ef7651504_JaffaCakes118
- Size
  
  125KB
- MD5
  
  dc2e12f5cbaa6953bbaee98ef7651504
- SHA1
  
  6550ed4a8fa0ed2f4aa5640f2f73c0bcadcc17a8
- SHA256
  
  e3579c554233c38ec4824e0f798742892335f81b954f7bb98992cda5bb928717
- SHA512
  
  61a6b5c24ffc21f5ba5d0c3e28dbd0e6ca4f94ae5171d4a4ee4c097ec42574d6104d176c9c4e9a5d0f525fbb9c39c65f90a7760d1440ecd697e95249bffe01ad
- SSDEEP
  
  1536:NXXXzUPaT3LehKpR0dYFZpWVbrzQ7ITkR62ldM88ScJtXwReM2M/MPIU:GaT36hS7WVbrzQ7ITk9EjhJtXwf5kQU
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasionmacroxlm

© 2018-2024

Terms | Privacy