db936924f807df5b2197b9e4443da196f8a561a137b136db48987163723542ae | Triage

Submit
Reports

Overview

overview

Static

static

8

de03f2b1c1...18.xls

windows7-x64

de03f2b1c1...18.xls

windows10-2004-x64

Sharing

General

Target

de03f2b1c1b13cf8e0cbb4818cf8c12c_JaffaCakes118
Size

85KB
Sample

241210-wmgqsasjhx
MD5

de03f2b1c1b13cf8e0cbb4818cf8c12c
SHA1

deed5efa59761e76661470b87e8520acedce952e
SHA256

db936924f807df5b2197b9e4443da196f8a561a137b136db48987163723542ae
SHA512

bc9c97f6c7721db5481aa8d749efb4ea30f143e7e9739a8a7d71225945daeec4eb0c25c0dffd992133e44d9003ed45965b1e0b9fa229c3708acde99d258059d6
SSDEEP

1536:4sss2T4u4WVbrzQ7ImZe7WDkbA23fM88ScJtXJK4NO:DWVbrzQ7ImuWDkZUjhJtXJTO

Score

10^/10

defense_evasion discovery macro xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

de03f2b1c1b13cf8e0cbb4818cf8c12c_JaffaCakes118.xls

Resource

win7-20240903-en

defense_evasion discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

de03f2b1c1b13cf8e0cbb4818cf8c12c_JaffaCakes118.xls

Resource

win10v2004-20241007-en

defense_evasion macro xlm

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  de03f2b1c1b13cf8e0cbb4818cf8c12c_JaffaCakes118
- Size
  
  85KB
- MD5
  
  de03f2b1c1b13cf8e0cbb4818cf8c12c
- SHA1
  
  deed5efa59761e76661470b87e8520acedce952e
- SHA256
  
  db936924f807df5b2197b9e4443da196f8a561a137b136db48987163723542ae
- SHA512
  
  bc9c97f6c7721db5481aa8d749efb4ea30f143e7e9739a8a7d71225945daeec4eb0c25c0dffd992133e44d9003ed45965b1e0b9fa229c3708acde99d258059d6
- SSDEEP
  
  1536:4sss2T4u4WVbrzQ7ImZe7WDkbA23fM88ScJtXJK4NO:DWVbrzQ7ImuWDkZUjhJtXJTO
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasionmacroxlm

© 2018-2024

Terms | Privacy