59cd4a1e5c39e6778cbe2eb9aa9a465d8ac2aef7ea3b06b094144332bac7a10d | Triage

Sharing

General

Target

JaffaCakes118_9992abb2fbee6cf347a0c4303d5a92cb
Size

83KB
Sample

250331-n37m5s1rx6
MD5

9992abb2fbee6cf347a0c4303d5a92cb
SHA1

36d9dc94b5db5f9606a7bb5fae0357687723b510
SHA256

59cd4a1e5c39e6778cbe2eb9aa9a465d8ac2aef7ea3b06b094144332bac7a10d
SHA512

c2c9363007a37e1af4a15a4bd7a65870ef01caae85158a17455c4f2e85858c46bf3b4d73d0362c933b486627e8864b73edd80857b623dfd240e6c5b6170fe65d
SSDEEP

1536:s+xxxxZRiIa8l2jcc0lbxOvTgZZM88ScJtXwKIU:F2jcc0lbxOrjjhJtXw7U

Score

10^/10

defense_evasion macro xlm

Malware Config

Targets

- Target
  
  JaffaCakes118_9992abb2fbee6cf347a0c4303d5a92cb
- Size
  
  83KB
- MD5
  
  9992abb2fbee6cf347a0c4303d5a92cb
- SHA1
  
  36d9dc94b5db5f9606a7bb5fae0357687723b510
- SHA256
  
  59cd4a1e5c39e6778cbe2eb9aa9a465d8ac2aef7ea3b06b094144332bac7a10d
- SHA512
  
  c2c9363007a37e1af4a15a4bd7a65870ef01caae85158a17455c4f2e85858c46bf3b4d73d0362c933b486627e8864b73edd80857b623dfd240e6c5b6170fe65d
- SSDEEP
  
  1536:s+xxxxZRiIa8l2jcc0lbxOvTgZZM88ScJtXwKIU:F2jcc0lbxOrjjhJtXw7U
Score

10^/10

defense_evasion macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionmacroxlm