General

  • Target

    fa9935e6cda06866cb5aa062c16a73fdc85bd4146dca67202d22e225ddd3193b

  • Size

    19KB

  • Sample

    210114-1pf6bt994e

  • MD5

    aab461b8baaaf32bef1ed0ec2d94de8e

  • SHA1

    48d0a4915e437a331afc5a8c9f7f2700af765b13

  • SHA256

    fa9935e6cda06866cb5aa062c16a73fdc85bd4146dca67202d22e225ddd3193b

  • SHA512

    72e87f57fc5e2b28dad10fb94801dcdbebcdc319cb05651199e8560df0b7609dbdab322f7a8ea678ae7dbbf817e78aa4e6a32c62b5f38bd5caa403fdf96ca62c

Score
10/10

Malware Config

Targets

    • Target

      Document_1356928040-Copy.xls

    • Size

      43KB

    • MD5

      eab3ae82721b551be63502b18ecf3825

    • SHA1

      1659464cc4364cbad38e1aa36e12931e68e77d6b

    • SHA256

      e14f6ab34e3506d6985816af85935932fb6faf8bad9d2c7dd96d6011d7c21a33

    • SHA512

      d356fd7dab9cf1addad1389369ef1f0cd6d95dfcbc6d67a4df9647045bcca6eebe0314031fdcd0f77c045c45ed2fdd26f7346d6bed5ff40be273e17e1004e15f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks