Overview

overview

10

Static

static

8

document-1...31.xls

windows7_x64

10

document-1...31.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1450891431.xls

  • Size

    331KB

  • Sample

    201126-fq8tsaqpfn

  • MD5

    f4702ced875b8fba0258d15b9ba771ec

  • SHA1

    da4d522d7468de19557c126121ed93258a710b3c

  • SHA256

    bc1d3517aa469fb77b4d5734957370c1e0097aef5215488bb7b3c6daded6a0dc

  • SHA512

    a08bfb4460949e7f5e5da682686fd46ed53e149b491f15aeb4369369af5ffec0a029351fd40ea4e012744641f5b73f441dc3bf38a003f097b762e6f49ba972b0

Score
10/10
macro

Malware Config

Targets

    • Target

      document-1450891431.xls

    • Size

      331KB

    • MD5

      f4702ced875b8fba0258d15b9ba771ec

    • SHA1

      da4d522d7468de19557c126121ed93258a710b3c

    • SHA256

      bc1d3517aa469fb77b4d5734957370c1e0097aef5215488bb7b3c6daded6a0dc

    • SHA512

      a08bfb4460949e7f5e5da682686fd46ed53e149b491f15aeb4369369af5ffec0a029351fd40ea4e012744641f5b73f441dc3bf38a003f097b762e6f49ba972b0

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks