General

  • Target

    DOCUMENTS.xls

  • Size

    80KB

  • Sample

    201214-ldehvj1ycs

  • MD5

    bfa6b801f26f67cc2231d4191a2486e5

  • SHA1

    d6c3fe24036c6b402eeb80e065a11280aa236625

  • SHA256

    076c11df218d9fd86a809bb3e3b4a9c2211caad31e630d731d64592bee49eec4

  • SHA512

    b06a89f9606533c9c7c6c0884c76c7e59919e1b66425e7e7f97d11bb2faafea80ed379c056c440269f3c6b132c297ea90172f54f893600747609d67a1202367b

Score
10/10

Malware Config

Extracted (deobfuscated)

  • Language

    ps1

  • URLs (exe.dropper)

    https://tinyurl.com/y6fpv3lj

Targets

    • Target

      DOCUMENTS.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012)

    2

  • System Information Discovery (T1082)

    2

Tasks