General

  • Target

    JaffaCakes118_83321a1a6f2a7ad9d5aa17021faf0190

  • Size

    109KB

  • Sample

    250321-pjtgvasjy9

  • MD5

    83321a1a6f2a7ad9d5aa17021faf0190

  • SHA1

    bd813c121342f4c90136850daaa38f484472fb74

  • SHA256

    8882320f6b81d106940e3fc1671c7d6df3fc994040643965f7078d12f30d7d18

  • SHA512

    046e865d26dded7708ac934ffb4d18ae305c67cfec06a25de5b42b7fa60deccf12f08eb0757bdd2c6c9580b4713827f6c07766346021763cbab6e7cb009fcfc3

  • SSDEEP

    1536:8EEEEtwoLcgpe3+P9JcOJm32+T2Z2JRn2jcc0lbxOvTgZuB88ScJtXQ1bH:kcgpXJm32+N2jcc0lbxOrrjhJtXQRH

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
