General

  • Target

    JaffaCakes118_67b9e7ab6bb969b5e2645589ee401e93

  • Size

    161KB

  • Sample

    250311-2zz1saxrv4

  • MD5

    67b9e7ab6bb969b5e2645589ee401e93

  • SHA1

    fd495e6f56664b76aaa12fb2d7b80d50c40c9b77

  • SHA256

    9f530620f2193ec5d32ac501daa82c988b49bfaa70ddc79cc0db4eb4e59d5281

  • SHA512

    68e896f409d621426bd42011f8b7e6626bf70cd5afd5ed455bfea5aa2efff0b9b4da1df372dbe65407d0938e4dfbcd7cf03a9dc84bd813019961d1be5c9d6714

  • SSDEEP

    3072:VZIl6Nc7yRzs1H75wkZUgsRLpEbWN6Z8TGVoPS2gfSRUlQvaR8LWIEOSq6/cgfAs:bIl6Nc7yRzs1H75wkZUgsRLpEbWN6Z81

Targets

    • Target

      JaffaCakes118_67b9e7ab6bb969b5e2645589ee401e93

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
