General

  • Target

    0a3a6163a5e8e372fa96efbef3feb793463f4e39bd2c4d6ea03afce045f90636

  • Size

    19KB

  • Sample

    210114-qejw53flbe

  • MD5

    98b64d70fa142b05724dc57c2f8090c7

  • SHA1

    dd5bc2d0e0a1459705132fa54c561916f541f0ab

  • SHA256

    0a3a6163a5e8e372fa96efbef3feb793463f4e39bd2c4d6ea03afce045f90636

  • SHA512

    9ce86098820105618b9a83a8f0a50c99ca180936009a563f5e9c26ff3ef6ff90693dbd59b03a4b31d7cfec5cfdad2cda32a8b4acb786e03c081bb80ca7c42f2d

Score
10/10

Malware Config

Targets

    • Target

      Document_1495694596-Copy.xls

    • Size

      43KB

    • MD5

      e758a4b1340fd50274edefd581cd8c52

    • SHA1

      945f507232ddbe940e09ac69a4e8592aa55590ed

    • SHA256

      4e2f37d4228e78faa1f34121ee934f58e1a9862ad6f183edf4c24e08cda20363

    • SHA512

      3393143e4215b8cff172d7a4a79d6116667ebc0999ab3eea1656616375856a798e8b5caf4728deb4cae1ecef4e83405c145b8373dca6f101654470f525d4f269

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks