General

  • Target

    JaffaCakes118_63c2b8fe6124b4205577967845c7fd47

  • Size

    132KB

  • Sample

    250311-hdyfaawsez

  • MD5

    63c2b8fe6124b4205577967845c7fd47

  • SHA1

    53ea2affb4b7809d96c0d151839bd859a8d5de2b

  • SHA256

    c2c4a63a62ff0df13f68f4403dd15f71d1b6f5c94ece4a4505eabdf4f71bf1a1

  • SHA512

    5681c892c5325a30593019c0be556e11c5be0a822ccababbf15bbef3e98f8500c87f51ce07158ad8b5dd0cec15fa3afdeb230678e9b32f1e1dbe5ff935cd4f86

  • SSDEEP

    1536:+nGGGanIbBldEkjz0IX3GEc9abfKGiVAmYqN9WkUfNS8MnnWVbr7Q7ITkOD2Kk5P:ihXvWVbr7Q7ITkPpbJtXw0v4pI

Targets

    • Target

      JaffaCakes118_63c2b8fe6124b4205577967845c7fd47

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
