Overview

overview

10

Static

static

8

7b1a017438...bc.xls

windows7_x64

10

7b1a017438...bc.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b1a017438faf8389c27eef81092adb00ea72e21381234e91f3105c381ec66bc

  • Size

    54KB

  • Sample

    210114-mwh4qahn1x

  • MD5

    e8bd90189959163ba8a82220cf3431de

  • SHA1

    03a7074beda911425e58641f108c39dd0baab106

  • SHA256

    7b1a017438faf8389c27eef81092adb00ea72e21381234e91f3105c381ec66bc

  • SHA512

    da82ff3db6ca84a25edb3eecedb2cd2f119aa0757068aed63455a860841b97edc374272c29aa95559bf28b6aa7c49e41f180e3b59a9075883543f7b11b5b2054

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      7b1a017438faf8389c27eef81092adb00ea72e21381234e91f3105c381ec66bc

    • Size

      54KB

    • MD5

      e8bd90189959163ba8a82220cf3431de

    • SHA1

      03a7074beda911425e58641f108c39dd0baab106

    • SHA256

      7b1a017438faf8389c27eef81092adb00ea72e21381234e91f3105c381ec66bc

    • SHA512

      da82ff3db6ca84a25edb3eecedb2cd2f119aa0757068aed63455a860841b97edc374272c29aa95559bf28b6aa7c49e41f180e3b59a9075883543f7b11b5b2054

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks