1885a7e7e091f3363c7e809515a77bc9883f44bb6a81a539c852fd0d2438513c | Triage

Submit
Reports

Overview

overview

Static

static

8

dcab0482f0...18.xls

windows7-x64

dcab0482f0...18.xls

windows10-2004-x64

Sharing

General

Target

dcab0482f019071dc72d68380cb94f54_JaffaCakes118
Size

146KB
Sample

241210-daerjswmgp
MD5

dcab0482f019071dc72d68380cb94f54
SHA1

047f343cd5594b54acb37e14336c3f587777afe8
SHA256

1885a7e7e091f3363c7e809515a77bc9883f44bb6a81a539c852fd0d2438513c
SHA512

e234d081f863cca83fb93449e2d64e3aa9aa271e6f51b9cd0d6e68ceca92c930f3812dd35c8f0d6af9915213e079b499401eb097af3e3d030aa192fb6d57f05a
SSDEEP

3072:a/1Bbai7+WVbrzAZD7ITk9CU0JtXwk5k62TW:y3p7cDi

Score

10^/10

defense_evasion discovery macro xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dcab0482f019071dc72d68380cb94f54_JaffaCakes118.xls

Resource

win7-20240903-en

defense_evasion discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

dcab0482f019071dc72d68380cb94f54_JaffaCakes118.xls

Resource

win10v2004-20241007-en

defense_evasion macro xlm

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  dcab0482f019071dc72d68380cb94f54_JaffaCakes118
- Size
  
  146KB
- MD5
  
  dcab0482f019071dc72d68380cb94f54
- SHA1
  
  047f343cd5594b54acb37e14336c3f587777afe8
- SHA256
  
  1885a7e7e091f3363c7e809515a77bc9883f44bb6a81a539c852fd0d2438513c
- SHA512
  
  e234d081f863cca83fb93449e2d64e3aa9aa271e6f51b9cd0d6e68ceca92c930f3812dd35c8f0d6af9915213e079b499401eb097af3e3d030aa192fb6d57f05a
- SSDEEP
  
  3072:a/1Bbai7+WVbrzAZD7ITk9CU0JtXwk5k62TW:y3p7cDi
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasionmacroxlm

© 2018-2024

Terms | Privacy