General

  • Target

    e440b52ecd67afb0cab747d08e65a8e8_JaffaCakes118

  • Size

    117KB

  • Sample

    241212-cq46psxjft

  • MD5

    e440b52ecd67afb0cab747d08e65a8e8

  • SHA1

    b21b55c87165a5989f7b9e6936e3d589656d2329

  • SHA256

    cb50e886715d996249be68512a27a6e841d8868ad6b830aac70a7a2995e7b685

  • SHA512

    72d9d286caa3dfdfc5c6c694a834c6912e31e616aa27741aa9450e47d48a7e76752255141382026eb41e3dc9418a300fef224befb0ffee6965160f2b502b2a90

  • SSDEEP

    1536:mhXXjxXai7qz913mxzzx7xqYMEd9iNxGmXd1kL8wMsqILPfq/eG/bWVbrzD4hB7a:rwBfahbWVbrzD4P7ITkDfvaH5kor/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
