Overview

overview

10

Static

static

8

84f1237656...8d.xls

windows7_x64

10

84f1237656...8d.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    84f1237656d4ce2d7e895b5dc1fc139362ff9d621c3ae043004893ed44a3b68d

  • Size

    54KB

  • Sample

    210114-9hv1cq6qn6

  • MD5

    037859244c296f20b4a9209f9cb2cbea

  • SHA1

    9a8f158e5beab3802b31be0d4e063459d1688ef3

  • SHA256

    84f1237656d4ce2d7e895b5dc1fc139362ff9d621c3ae043004893ed44a3b68d

  • SHA512

    506da2360a745b73c50112fbef5f9d39d0e401b893c3d143725cfc7b1081094593562b18f74119595673fd9ab1670095274bcfe65f7f12caf805b92e5fb1ed23

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      84f1237656d4ce2d7e895b5dc1fc139362ff9d621c3ae043004893ed44a3b68d

    • Size

      54KB

    • MD5

      037859244c296f20b4a9209f9cb2cbea

    • SHA1

      9a8f158e5beab3802b31be0d4e063459d1688ef3

    • SHA256

      84f1237656d4ce2d7e895b5dc1fc139362ff9d621c3ae043004893ed44a3b68d

    • SHA512

      506da2360a745b73c50112fbef5f9d39d0e401b893c3d143725cfc7b1081094593562b18f74119595673fd9ab1670095274bcfe65f7f12caf805b92e5fb1ed23

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks