General

  • Target

    MIL0004325471.xlsm

  • Size

    37KB

  • Sample

    200707-wnqwezgsyx

  • MD5

    b970d36078aefc235cd6137fa5ac5e45

  • SHA1

    5e71a534f61d9070698a692c1679c0e2b69bec4a

  • SHA256

    cab4eae157571452fb451e0ff302906b73ef2d2a9f502f74280d980f085f718d

  • SHA512

    991c234d689a45ac729132f789d05b598f063c4e7885a023f31b6f88aacf431192cdede765bbc26be3f7ccd2b9acc7df585865d47f839348fa5127bd6f61bc4a

Score
10/10

Targets

    • Target

      MIL0004325471.xlsm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Modifies system certificate store
