b693437d3e5c8f848eada11f420dd6bb5f5cbe625775fa202e4835222307470b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_0649bc78d51fa325a7f322fe510bcc4f
Size

110KB
Sample

250517-xf2m2sdq5s
MD5

0649bc78d51fa325a7f322fe510bcc4f
SHA1

4d00856247974b57c3f22d0828169f1e518d464b
SHA256

b693437d3e5c8f848eada11f420dd6bb5f5cbe625775fa202e4835222307470b
SHA512

791184733b3cd7b31eb445b7538400f089538cb36b320ceb942ba8c96a1ff94a59a99a417ae0abc0861a81d8fbe55a9acdd10cbb75e851aab232919c8c4873b7
SSDEEP

1536:ymmmmC1/hF9kTE86dok3mXU72rZ95h8ti25WVbrzj7ITkiD2lZmUcJtXwRxmGM2n:QYWVbrzj7ITkDSXJtXwmJ5ki1K

Score

10^/10

defense_evasion macro xlm

Malware Config

Targets

- Target
  
  JaffaCakes118_0649bc78d51fa325a7f322fe510bcc4f
- Size
  
  110KB
- MD5
  
  0649bc78d51fa325a7f322fe510bcc4f
- SHA1
  
  4d00856247974b57c3f22d0828169f1e518d464b
- SHA256
  
  b693437d3e5c8f848eada11f420dd6bb5f5cbe625775fa202e4835222307470b
- SHA512
  
  791184733b3cd7b31eb445b7538400f089538cb36b320ceb942ba8c96a1ff94a59a99a417ae0abc0861a81d8fbe55a9acdd10cbb75e851aab232919c8c4873b7
- SSDEEP
  
  1536:ymmmmC1/hF9kTE86dok3mXU72rZ95h8ti25WVbrzj7ITkiD2lZmUcJtXwRxmGM2n:QYWVbrzj7ITkDSXJtXwmJ5ki1K
Score

10^/10

defense_evasion macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionmacroxlm