fe3d4647da281e7f5063094c332b3896cff4a1a4d021d1c00295e674ae7a7be9 | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice_273.xlsm

windows7_x64

1

Invoice_273.xlsm

windows10_x64

Sharing

General

Target

Invoice_273.xlsm
Size

164KB
Sample

210421-hnxsjn8b2s
MD5

599ce087cc5f550db5e6af6133b6be19
SHA1

4025f5bfe38452647ce0796e3820960702d90b41
SHA256

fe3d4647da281e7f5063094c332b3896cff4a1a4d021d1c00295e674ae7a7be9
SHA512

78ac9fa93e78f03bf0c027640de08ab763d3a12dc0ff33ada9987b8ccb0f719652148f245af44701625f66564c06272781e96118fbc933ce04d42d906ebbd786

Score

10^/10

evasion macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

Invoice_273.xlsm

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice_273.xlsm

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Invoice_273.xlsm
- Size
  
  164KB
- MD5
  
  599ce087cc5f550db5e6af6133b6be19
- SHA1
  
  4025f5bfe38452647ce0796e3820960702d90b41
- SHA256
  
  fe3d4647da281e7f5063094c332b3896cff4a1a4d021d1c00295e674ae7a7be9
- SHA512
  
  78ac9fa93e78f03bf0c027640de08ab763d3a12dc0ff33ada9987b8ccb0f719652148f245af44701625f66564c06272781e96118fbc933ce04d42d906ebbd786
Score

10^/10

evasion trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy