General

  • Target

    JaffaCakes118_0639695768eb47b4bcf5f61e20001c17

  • Size

    128KB

  • Sample

    250517-ta6s2aam6s

  • MD5

    0639695768eb47b4bcf5f61e20001c17

  • SHA1

    fe11dcf203bf33bec998663a79e2b42e2be4bc56

  • SHA256

    b8f97c4542f13cbf8135ac2bcbc1828386a33258e0b3a1d38937fdfb06f6baea

  • SHA512

    ee9b97d2d692dbb28d0b6e464b660dd56452932b79de6e1b285ed42b474defc4386c849da15e886c7c00b30dd5cfcb848a3bd054538550f4659219526a37b847

  • SSDEEP

    3072:gL9FSoVcnEOOooSyCk1ZDTaOOKb6Tob+RHbBjjL0vrYUKKQrc:gL9bV7pmk1ZqOOKqob+RBYOK0c

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source

URLs

  • xlm40.dropper

    http://101.99.90.160/45794.6613597222.dat

  • xlm40.dropper

    http://188.165.62.4/45794.6613597222.dat

  • xlm40.dropper

    http://84.32.188.42/45794.6613597222.dat

Targets

    • Target

      CompensationClaim-296002029-09282021.xls

    • Size

      137KB

    • MD5

      edac94f9dff7ab7c1e48142a73bf4bc7

    • SHA1

      9b88bbe39576e4efa8e55ee59d6d5347d917bad6

    • SHA256

      6fbe825188ece29aa51947130fe77d35eb88867b9b0005e19901af78845892cb

    • SHA512

      cd5b03c8c1b9d7b890ea55572b207cd1cfc4d1393199ba65aff0443409fee7a8a3be7576692b189dde34681b01f6bafe90692d4d9717e5953916b005c6df0e14

    • SSDEEP

      3072:3k3hOdsylKlgxopeiBNhZFGzE+cL2kdAs11ScHlwFPYidH4C1TsNku0KRjkv4+wc:3k3hOdsylKlgxopeiBNhZF+E+W2kdANL

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
