Overview

overview

10

Static

static

8

Weekly Vac...t.xlsm

windows7_x64

10

Weekly Vac...t.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Weekly Vacancy Status Report.xlsm

  • Size

    145KB

  • Sample

    210304-671eq1y6rn

  • MD5

    0dc402a72f0a963d5ab34f2981ad75ef

  • SHA1

    88ba0830634d1e2ddb1189731ce6e7e30a62bda5

  • SHA256

    77d6239a1082b6dfc5ad9d1c07fcc9610ed933195067e112a0947cb8c149b5d5

  • SHA512

    415dad3db0c7bdd5450f63ef25364b2c42322578215d2f1dfbc8851eb37c0cff7ffa603657139e5c2ba405fb314d6f19e5597d2a49b677f9c2ded75a5f5f6b49

Score
10/10
macro

Malware Config

Targets

    • Target

      Weekly Vacancy Status Report.xlsm

    • Size

      145KB

    • MD5

      0dc402a72f0a963d5ab34f2981ad75ef

    • SHA1

      88ba0830634d1e2ddb1189731ce6e7e30a62bda5

    • SHA256

      77d6239a1082b6dfc5ad9d1c07fcc9610ed933195067e112a0947cb8c149b5d5

    • SHA512

      415dad3db0c7bdd5450f63ef25364b2c42322578215d2f1dfbc8851eb37c0cff7ffa603657139e5c2ba405fb314d6f19e5597d2a49b677f9c2ded75a5f5f6b49

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks