General

  • Target

    ORDER COPY-326.xlsm

  • Size

    154KB

  • Sample

    210326-1fpzh2qym2

  • MD5

    9a30f275af39b20ce59988b3c1724a68

  • SHA1

    d35c17ba0c5f09cb212e0a50d117b91d278ec6b3

  • SHA256

    7fe87c98f71cb7cfad4b7713284b7cfe1a0a5e059d5eb5e2c1b322426a6e52ff

  • SHA512

    7898565b62505be720c625899fd3b9f1fb9338a8653066f2c9bf660a1f59fa16529ce4c8e6c1ee597fc3855992ca1e522dce536790c8268ca75684f79636031d

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://cutt.ly/fxD7Hr0

Targets

    • Target

      ORDER COPY-326.xlsm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (1)

Tasks