General

  • Target

    JaffaCakes118_987f1b96e0b6748f5099c87be7178c3f

  • Size

    163KB

  • Sample

    250330-lx4m7ayk13

  • MD5

    987f1b96e0b6748f5099c87be7178c3f

  • SHA1

    ddedbccd316b9acdae32d5b55616fe664768b889

  • SHA256

    07314d99339c1515c988466c29cacef2f92484d13b24acaa2702d12c857b2f37

  • SHA512

    6713b95a4a458751b2d6f233eb21020771db075ec445355151bf33b7ea4e96f2c5070f75a2fb248a8c77b3a7ae9115c7fea025ed405aa22b9514d45241d3c249

  • SSDEEP

    3072:EfOOTtWVbrzrr507ITk9xYJEXwDv4NEI:eTcr5B

Targets

    • Target

      JaffaCakes118_987f1b96e0b6748f5099c87be7178c3f

    • Size

      163KB

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
