Overview

overview

10

Static

static

8

document-1...50.xls

windows7_x64

10

document-1...50.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1480023850.xls

  • Size

    331KB

  • Sample

    201126-bte6sh7cd2

  • MD5

    ae815f0e611f22e44ddd0d7427f8f5c8

  • SHA1

    22c84128f54ccb82487a80ef929b7b7e36dd3268

  • SHA256

    f3a4fc457ece24e24608cdef0bbee26c2b5872fd7c518f0fa8a69893e484c159

  • SHA512

    4867f56e59909d049591bf198f282a74f90e36b6ca1ee4d1edf72dba038c7f1f93bfc0092e44cff3de48db3d0827777cb349ab16e53738ca884f966731019550

Score
10/10
macro

Malware Config

Targets

    • Target

      document-1480023850.xls

    • Size

      331KB

    • MD5

      ae815f0e611f22e44ddd0d7427f8f5c8

    • SHA1

      22c84128f54ccb82487a80ef929b7b7e36dd3268

    • SHA256

      f3a4fc457ece24e24608cdef0bbee26c2b5872fd7c518f0fa8a69893e484c159

    • SHA512

      4867f56e59909d049591bf198f282a74f90e36b6ca1ee4d1edf72dba038c7f1f93bfc0092e44cff3de48db3d0827777cb349ab16e53738ca884f966731019550

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks