General

  • Target

    JaffaCakes118_9e4a61b13e22f6fb546a0aef9ba97d56

  • Size

    152KB

  • Sample

    250407-hvqrrsstcv

  • MD5

    9e4a61b13e22f6fb546a0aef9ba97d56

  • SHA1

    c8118cde2fab8eae7b951a9d8e7aff7b7308e400

  • SHA256

    2408ecedd613c094834bd12c4c8834986c487f26042a27615be5f21883fc9d78

  • SHA512

    47fa7d253ff8ccc005bf9119ff07dd8622178a9c4279c1817116211be20445abe3422eb25fdfa5f8200e692f8296f07d27ee848857f03b8ac3d50cc7ea284a94

  • SSDEEP

    1536:Gl88wmvmNpxI3owOREITCzYPEXEZ95iHQged3pZDXVMUX254zAM/TE+2jcc0lbxC:4+d3Hhn2jcc0lbxOrJxJEXwMnCn

Targets

    • Target

      JaffaCakes118_9e4a61b13e22f6fb546a0aef9ba97d56

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15