Overview

overview

10

Static

static

8

Copy of In...8.xlsm

windows7_x64

10

Copy of In...8.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Copy of Invoice 7739588.xlsm

  • Size

    396KB

  • Sample

    210311-kdyff31ybn

  • MD5

    0ebd66296b64dd6c70e7ed59d8736886

  • SHA1

    20958d81ce924d8ed14e93078b5f661ee85cb263

  • SHA256

    1475636af6d42e5dc6fd8ac8e5a9850dcb6c0f041260dc6dfa705937db677799

  • SHA512

    49365bb54a02e58f0eb1ae9bfc6a020d2a4161ba2d34b350b45b55b985a4836b8756f0da1c880a51f872a18187840c9df5ed201993133c4134924558ab3136dd

Score
10/10
macro

Malware Config

Targets

    • Target

      Copy of Invoice 7739588.xlsm

    • Size

      396KB

    • MD5

      0ebd66296b64dd6c70e7ed59d8736886

    • SHA1

      20958d81ce924d8ed14e93078b5f661ee85cb263

    • SHA256

      1475636af6d42e5dc6fd8ac8e5a9850dcb6c0f041260dc6dfa705937db677799

    • SHA512

      49365bb54a02e58f0eb1ae9bfc6a020d2a4161ba2d34b350b45b55b985a4836b8756f0da1c880a51f872a18187840c9df5ed201993133c4134924558ab3136dd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks