Overview

overview

10

Static

static

8

Copy 7739588.xlsm

windows7_x64

10

Copy 7739588.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Copy 7739588.xlsm

  • Size

    366KB

  • Sample

    210311-1eqyxvamzj

  • MD5

    25e9a6b92afabaadc45bf4b992560bf0

  • SHA1

    dc8c36ee7b976c59b6296482e23e15ea26e19574

  • SHA256

    6fc41047bc11f8152b3d8325985c0559514bf2b78b0aa7281babcfd280b3d9dc

  • SHA512

    67bd048fa92c639533207edf8a3dbfef7e83a4002fd5e5088502a0f276cbd1ddcfc46d2806c888bc3dfb8f77f3809991ccd62d7f2ee03e5fb0dfd14c006fb158

Score
10/10
macro

Malware Config

Targets

    • Target

      Copy 7739588.xlsm

    • Size

      366KB

    • MD5

      25e9a6b92afabaadc45bf4b992560bf0

    • SHA1

      dc8c36ee7b976c59b6296482e23e15ea26e19574

    • SHA256

      6fc41047bc11f8152b3d8325985c0559514bf2b78b0aa7281babcfd280b3d9dc

    • SHA512

      67bd048fa92c639533207edf8a3dbfef7e83a4002fd5e5088502a0f276cbd1ddcfc46d2806c888bc3dfb8f77f3809991ccd62d7f2ee03e5fb0dfd14c006fb158

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks