Overview

overview

10

Static

static

8

d0cbd7a603...43.xls

windows7_x64

10

d0cbd7a603...43.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0cbd7a60391818e8efe5c48002c3b5267aa2e9869890868e206dc9b12201b43

  • Size

    54KB

  • Sample

    210114-q2jepdcdex

  • MD5

    8231f0bda2d788487240bf2e27e4db7a

  • SHA1

    756d9d5caff1bbe77f7b0cab5d4931e0eeaf938d

  • SHA256

    d0cbd7a60391818e8efe5c48002c3b5267aa2e9869890868e206dc9b12201b43

  • SHA512

    1efbdbfef0f9565b146a0e93596db8517f371932b90041a4164d1463844fc3d37b3b000fc5335c40fb31a33c5f397667ad3d8f92dba557b794a289a271200097

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      d0cbd7a60391818e8efe5c48002c3b5267aa2e9869890868e206dc9b12201b43

    • Size

      54KB

    • MD5

      8231f0bda2d788487240bf2e27e4db7a

    • SHA1

      756d9d5caff1bbe77f7b0cab5d4931e0eeaf938d

    • SHA256

      d0cbd7a60391818e8efe5c48002c3b5267aa2e9869890868e206dc9b12201b43

    • SHA512

      1efbdbfef0f9565b146a0e93596db8517f371932b90041a4164d1463844fc3d37b3b000fc5335c40fb31a33c5f397667ad3d8f92dba557b794a289a271200097

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks