d68a1ed53bcc16ba9e7cff9326ff3f327038daddf071ec567f8d79dfed851352 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_071084a63d40622cb858d6330af3ffd0
Size

184KB
Sample

250519-wjb15asks3
MD5

071084a63d40622cb858d6330af3ffd0
SHA1

a1fb4785f9ea2329153897e7833d35d67e11d6ac
SHA256

d68a1ed53bcc16ba9e7cff9326ff3f327038daddf071ec567f8d79dfed851352
SHA512

dad242f4cd254722f024bbdadf7fd53d1fa83500e02cd6657a57d44dc26477a80fa20ce983e898e476652c23551c6392136bcef40cc52c480526d2f61815da43
SSDEEP

3072:25DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/X9rA0:2BRcGUlFzy4mpTHdrUc3/SsYASn0

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fourstars.cyou/1.php

Targets

- Target
  
  JaffaCakes118_071084a63d40622cb858d6330af3ffd0
- Size
  
  184KB
- MD5
  
  071084a63d40622cb858d6330af3ffd0
- SHA1
  
  a1fb4785f9ea2329153897e7833d35d67e11d6ac
- SHA256
  
  d68a1ed53bcc16ba9e7cff9326ff3f327038daddf071ec567f8d79dfed851352
- SHA512
  
  dad242f4cd254722f024bbdadf7fd53d1fa83500e02cd6657a57d44dc26477a80fa20ce983e898e476652c23551c6392136bcef40cc52c480526d2f61815da43
- SSDEEP
  
  3072:25DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/X9rA0:2BRcGUlFzy4mpTHdrUc3/SsYASn0
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2