Overview

overview

10

Static

static

8

document-1...25.xls

windows7_x64

10

document-1...25.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-144037925.xls

  • Size

    332KB

  • Sample

    201126-1c2gcw2tvj

  • MD5

    0eb6e0ce4b377f506be77f7c7bb36e4c

  • SHA1

    5f5f5385fe392a74ba5f1db6cc097ecbc3c34333

  • SHA256

    ae4b63bf0d60c887b8bb4d0d914075d0b51350acee8f87d267f9a723871ed810

  • SHA512

    47e11868fda5a6ef6e102dde9f71d65ca806fceac5a71e45f685c16c4724179637864b823a041377673189820bccf018e98b054771c50bf7fe067bcf4a83dd6b

Score
10/10
macro

Malware Config

Targets

    • Target

      document-144037925.xls

    • Size

      332KB

    • MD5

      0eb6e0ce4b377f506be77f7c7bb36e4c

    • SHA1

      5f5f5385fe392a74ba5f1db6cc097ecbc3c34333

    • SHA256

      ae4b63bf0d60c887b8bb4d0d914075d0b51350acee8f87d267f9a723871ed810

    • SHA512

      47e11868fda5a6ef6e102dde9f71d65ca806fceac5a71e45f685c16c4724179637864b823a041377673189820bccf018e98b054771c50bf7fe067bcf4a83dd6b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks