General

  • Target

    de4ba36c5c6482667815730fc0eb84ee_JaffaCakes118

  • Size

    100KB

  • Sample

    241210-x4lazazphp

  • MD5

    de4ba36c5c6482667815730fc0eb84ee

  • SHA1

    2bb15139ed80431fb627f5cbd539c59c83a2fb9c

  • SHA256

    f5348744376b195215d0aee02b11bc26fc692ac5f3ec19aa2dcc4e6c6cef74b4

  • SHA512

    973bf0dc62c77acb1067fc1a1a1001ab628b7fb1dba2c9b0064e815e995232ec2a6bba0ca4a5bfd3ae93ab7ad0655b7c6238b5039c1a6ad4c9d727fb50b45d61

  • SSDEEP

    1536:xttttcTBVp7pMPKTVWVbCFOSzQ7ITkR62liM88fcJtXwRkM2M/MdA6:OWVbi7zQ7ITk9FjkJtXwp5k+6

Targets

    • Target

      de4ba36c5c6482667815730fc0eb84ee_JaffaCakes118

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
