Overview

overview

10

Static

static

8

Services_r...1.xlsm

windows7_x64

6

Services_r...1.xlsm

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Services_rate_202051.xlsm

  • Size

    42KB

  • Sample

    200717-k93qbp84sa

  • MD5

    3699b8a1b21b70074b0dde8499a69b20

  • SHA1

    95c06737811298d9daa7cae20ef745ec5c25e1c9

  • SHA256

    615e421907dd0df60c97b502690fc57bdb08365122e3cafe79ac911e9f204feb

  • SHA512

    1787c9a1a46f02757f7273409514b7283dd13e91b8173c236ed311938b0d36192cb99d2c5c0b3bc87c7222858e00bdbfbb86855aee39a89db5d83897d38bdbfc

Score
10/10
macro

Malware Config

Targets

    • Target

      Services_rate_202051.xlsm

    • Size

      42KB

    • MD5

      3699b8a1b21b70074b0dde8499a69b20

    • SHA1

      95c06737811298d9daa7cae20ef745ec5c25e1c9

    • SHA256

      615e421907dd0df60c97b502690fc57bdb08365122e3cafe79ac911e9f204feb

    • SHA512

      1787c9a1a46f02757f7273409514b7283dd13e91b8173c236ed311938b0d36192cb99d2c5c0b3bc87c7222858e00bdbfbb86855aee39a89db5d83897d38bdbfc

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks