Overview

overview

10

Static

static

8

3eefa9f1e1...9f.xls

windows7_x64

10

3eefa9f1e1...9f.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3eefa9f1e1e38dddb63bd3c41ccfa32a618e56150645e4c0c2ebd3fe2a956b9f

  • Size

    54KB

  • Sample

    210114-ajse5paf4a

  • MD5

    5dbbd74f89b695d003ba1d1562d2d92c

  • SHA1

    d3fb98b440190fd45e2e97b5ff7d9fb57d802062

  • SHA256

    3eefa9f1e1e38dddb63bd3c41ccfa32a618e56150645e4c0c2ebd3fe2a956b9f

  • SHA512

    b8bf0ba19ff0d227b452f03ef107e53e24be571ebcdaffb541c395d28dcb7bbb796718e479b2360401b8ca616c1fcb1bc7d798ec8dab3bade64da1c8a1d241d5

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      3eefa9f1e1e38dddb63bd3c41ccfa32a618e56150645e4c0c2ebd3fe2a956b9f

    • Size

      54KB

    • MD5

      5dbbd74f89b695d003ba1d1562d2d92c

    • SHA1

      d3fb98b440190fd45e2e97b5ff7d9fb57d802062

    • SHA256

      3eefa9f1e1e38dddb63bd3c41ccfa32a618e56150645e4c0c2ebd3fe2a956b9f

    • SHA512

      b8bf0ba19ff0d227b452f03ef107e53e24be571ebcdaffb541c395d28dcb7bbb796718e479b2360401b8ca616c1fcb1bc7d798ec8dab3bade64da1c8a1d241d5

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks