General

  • Target

    JaffaCakes118_5cc4e2f75524945e62fa13b3abdca150

  • Size

    37KB

  • Sample

    250310-dtmaqs1ns8

  • MD5

    5cc4e2f75524945e62fa13b3abdca150

  • SHA1

    69d457825fcbad158b79cfc8f0cf605ff6dc23ff

  • SHA256

    6b2469ff2aa9515d068c94b8af9744840beaa19b54c923d2d12c711d27b15c05

  • SHA512

    19bfe69bd5fa46ed28e80b0d4a57dca2e60a1e4d5f72a9ac8a528709de50ef2e95a8c4373965f8f9437b7ed5cec8a8a7d6acaec219106ab359c4c6fe7d5f95be

  • SSDEEP

    768:a9x54rQC/y1601eono954YEgEGiWa3BvOUFNzla+Gh4xFrAzWOfV:aF6y16RD3EgEGiWMBvzZZBPA6yV

Targets

    • Target

      ֹƸԱ.xls

    • Size

      94KB

    • MD5

      d895d51ebdb5146822e55f3c9223f846

    • SHA1

      1eb47e1a18b9ec062329b8faec2807cd972a7850

    • SHA256

      9298915cb5ffedde8ce5a99d430e0a684740e9c297ed2b7b983d3ff33491e381

    • SHA512

      a98fed89dea9a851a721f85989ec80b6808884279afa449e04086dcc1d9dc92ed368916d16091c2b7b73028b78580cbbe8ef07cb7dbbff9abdcb4de63efccb21

    • SSDEEP

      1536:O+++Kf+xt6EHFLIZgy2jcc0lbxOvTgZOvoETCcJtXw5sxD:fT5y2jcc0lbxOrVAQRJtXwSxD

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
