General

  • Target

    file_124672.xls

  • Size

    295KB

  • Sample

    200710-3jrrtggf9e

  • MD5

    393ded3846127150dc6b7dbd2dc32082

  • SHA1

    a2b57df48dd77bbd46718ad9d4bc82fc710984aa

  • SHA256

    3f56eaa38eace04eaaee759ab6d855ef9555f66d472106099a42ab31c3f746ec

  • SHA512

    e014c290ea859e204f877e67e0bc59e0f065b7515b4655cb3b9708095467cfb14a95dcc36872acf09bf92c8d21f5874b842b10ec4986dac8ca4ba1db3ebb3012

Score
8/10

Targets

    • Target

      file_124672.xls

    Score
    6/10
    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
