Overview

overview

10

Static

static

8

document-1...26.xls

windows7_x64

10

document-1...26.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1496127226.xls

  • Size

    331KB

  • Sample

    201126-wgst9hbq2s

  • MD5

    33470672f3487c3b89eb109626aea3e9

  • SHA1

    31c8e95cf38c6fa9f1e9a37bbf98ca6f7b54400c

  • SHA256

    44242f39892e1e77d154070ff12881928f30ba39f011f76dce8afc58c39f0572

  • SHA512

    a643500b1317289b745cee2554847c1cebcd85c16fa64a20ff3a2e8f5cda3688f242af226dfaea875effd9199b3bfca315bbcd8b8dbad4ddaf001b3dc3fe61f8

Score
10/10
macro

Malware Config

Targets

    • Target

      document-1496127226.xls

    • Size

      331KB

    • MD5

      33470672f3487c3b89eb109626aea3e9

    • SHA1

      31c8e95cf38c6fa9f1e9a37bbf98ca6f7b54400c

    • SHA256

      44242f39892e1e77d154070ff12881928f30ba39f011f76dce8afc58c39f0572

    • SHA512

      a643500b1317289b745cee2554847c1cebcd85c16fa64a20ff3a2e8f5cda3688f242af226dfaea875effd9199b3bfca315bbcd8b8dbad4ddaf001b3dc3fe61f8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks