Overview

overview

10

Static

static

8

document-1...75.xls

windows7_x64

10

document-1...75.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1458916175.xls

  • Size

    332KB

  • Sample

    201126-3vajtqg5f2

  • MD5

    f9688f9a7dff2ae5848f67c4c7037f58

  • SHA1

    d37ec99aff84e5518b2f60fe9bce47e021785dbf

  • SHA256

    76d335ddab4e5317a7f8728b50516f186f70aa016150605240bde067d8e9447e

  • SHA512

    48a0f51a7495d97f125bc2031b268f759fb78b431ef6eef3153c6ce51fe979150e465a78b0dfed14e642e8fe7bada2341ea1303000f7e17ee78782464ddc80d3

Score
10/10
macro

Malware Config

Targets

    • Target

      document-1458916175.xls

    • Size

      332KB

    • MD5

      f9688f9a7dff2ae5848f67c4c7037f58

    • SHA1

      d37ec99aff84e5518b2f60fe9bce47e021785dbf

    • SHA256

      76d335ddab4e5317a7f8728b50516f186f70aa016150605240bde067d8e9447e

    • SHA512

      48a0f51a7495d97f125bc2031b268f759fb78b431ef6eef3153c6ce51fe979150e465a78b0dfed14e642e8fe7bada2341ea1303000f7e17ee78782464ddc80d3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks