General

  • Target

    Overdue Invoice 1776896405.xls.zip

  • Size

    26KB

  • Sample

    201120-1kqwbevn72

  • MD5

    f3adbfbc78d07b6473148aa35abefe41

  • SHA1

    6271e5cd2cc976e7294947b384fea9d00c94d14e

  • SHA256

    4d8614a3622bb5d6ccef419f0333df5b0163a2eeb6be55010c2b669748d401d0

  • SHA512

    71f7c67ae130274ab1f8e7e6686430f5705c56f052d0cdf44ab2982522421e1fc7b506b8d123ddd5543b2c7d261b32a892edb20054a77512fbeb563481bc1d92

Score
10/10

Malware Config

Targets

    • Target

      Overdue Invoice 1776896405.xls

    • Size

      57KB

    • MD5

      2fd077d77e75c3ff2a72494c277851d1

    • SHA1

      a0767d559d2e1067397c867e147f100824b594c4

    • SHA256

      86945231d2fab231a36cb13f6678744edc3458e02756c3bc4fac70c8edfb91b6

    • SHA512

      eca47b85cd85b80a73ab7c4f22f915b563e90197a7ac8935bddc4a8b4f1f352cdc145ced78c18b71f9e76060b27813ccc4c5c5779c03099c9a8a7385d0bab1fb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks