General

  • Target

    DHL-Fattura-Cash-499362-5054.xls

  • Size

    72KB

  • Sample

    200707-xamcbjzqys

  • MD5

    cd145541e4815fc0bc60640cd5b6331e

  • SHA1

    99c43c329ba59ca63d228ecd6eb91cc92142a1c2

  • SHA256

    cffa9be85459012d44315fb639d583a10e96bad7a9c602ab53bb9461375e90e0

  • SHA512

    6bb4e546d0f2a8c5189d453d4bfd4d5c1da19c06dc1981c88d7cc2eb312f2afc11546705786188a9ebc19a68490c4889fa4ec8c8fda9f11c374a368656f7c373

Targets

    • Target

      DHL-Fattura-Cash-499362-5054.xls

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Modifies system certificate store
