ac27f8cce631b1d465e9545a31f93465cdd8fad10383822f771d782e4da5c859 | Triage

Sharing

General

Target

e2472ae1d55f04ba5f0ea467a9f0ab6a_JaffaCakes118
Size

102KB
Sample

241211-tsg8dsvlhp
MD5

e2472ae1d55f04ba5f0ea467a9f0ab6a
SHA1

9844560ef53b6b2bf4770680736840750b788bb9
SHA256

ac27f8cce631b1d465e9545a31f93465cdd8fad10383822f771d782e4da5c859
SHA512

841ce9c3e890c1c7ef9780d00f7a198856ea7fa9786e192e08871137f4f688593da7da4a2c3c2415f8f3d1468d625ce76a20ac3bd0fba0ead1d37164680a8317
SSDEEP

1536:7aaaurLkmrxrWVbrzQt9+gITkR62lKM88bcJtXwRjM2M/M1piP62:/WVbrzQdITk9RjAJtXwi5kPiP/

Score

10^/10

defense_evasion discovery macro xlm

Malware Config

Targets

- Target
  
  e2472ae1d55f04ba5f0ea467a9f0ab6a_JaffaCakes118
- Size
  
  102KB
- MD5
  
  e2472ae1d55f04ba5f0ea467a9f0ab6a
- SHA1
  
  9844560ef53b6b2bf4770680736840750b788bb9
- SHA256
  
  ac27f8cce631b1d465e9545a31f93465cdd8fad10383822f771d782e4da5c859
- SHA512
  
  841ce9c3e890c1c7ef9780d00f7a198856ea7fa9786e192e08871137f4f688593da7da4a2c3c2415f8f3d1468d625ce76a20ac3bd0fba0ead1d37164680a8317
- SSDEEP
  
  1536:7aaaurLkmrxrWVbrzQt9+gITkR62lKM88bcJtXwRjM2M/M1piP62:/WVbrzQdITk9RjAJtXwi5kPiP/
Score

10^/10

defense_evasion discovery macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasionmacroxlm