93e2e70e1537d7d6adb00a9b05c63c7d3db57474429edf4d145dd0eafce65621 | Triage

Sharing

General

Target

e5285563d2f8368ad47055fbb2e210e2_JaffaCakes118
Size

36KB
Sample

241212-hfwpgatlfv
MD5

e5285563d2f8368ad47055fbb2e210e2
SHA1

4e4e9e4fe8ff3f7c7a2f119f384255b32b7f8d00
SHA256

93e2e70e1537d7d6adb00a9b05c63c7d3db57474429edf4d145dd0eafce65621
SHA512

21c5610105540846826b8b66bbdb945ddd452829f71b69e00d2b9bf7e4cd7340ba5534721b776d20a3aec8b6c67d38e3a844e7fb532e909984f3fb41460211bf
SSDEEP

768:xPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJTKftw01b65/:5ok3hbdlylKsgqopeJBWhZFGkE+cL2NO

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://skill.fashion/wp-data.php

Targets

- Target
  
  e5285563d2f8368ad47055fbb2e210e2_JaffaCakes118
- Size
  
  36KB
- MD5
  
  e5285563d2f8368ad47055fbb2e210e2
- SHA1
  
  4e4e9e4fe8ff3f7c7a2f119f384255b32b7f8d00
- SHA256
  
  93e2e70e1537d7d6adb00a9b05c63c7d3db57474429edf4d145dd0eafce65621
- SHA512
  
  21c5610105540846826b8b66bbdb945ddd452829f71b69e00d2b9bf7e4cd7340ba5534721b776d20a3aec8b6c67d38e3a844e7fb532e909984f3fb41460211bf
- SSDEEP
  
  768:xPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJTKftw01b65/:5ok3hbdlylKsgqopeJBWhZFGkE+cL2NO
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2