General

  • Target

    fea072ba3f7917af9c87c1a68ea7ee4c0ca39d6df8c5c71843771d198c045e50.xls

  • Size

    367KB

  • Sample

    200715-1k4xvlwlh2

  • MD5

    56a0b81c19d2d17c042e2b2c22744633

  • SHA1

    cfb744ac8fdb24cf317d2e33802e878feddfd3e7

  • SHA256

    fea072ba3f7917af9c87c1a68ea7ee4c0ca39d6df8c5c71843771d198c045e50

  • SHA512

    9d195463a70cac76cdf30d667e1a891ede0a9f25edc1466f3ed955fdd85f65be283eb0d9dfbb872c9d37f00397c9e04ccb1843c478fd56fb09a29525ed37df0f

Score
10/10

Targets

    • Target

      fea072ba3f7917af9c87c1a68ea7ee4c0ca39d6df8c5c71843771d198c045e50.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
