General

  • Target

    6379233548730368.zip

  • Size

    49KB

  • Sample

    210511-9jdlfglf2e

  • MD5

    168f2d581332853ca46efd0d377bd976

  • SHA1

    0a462328680cf1d37d138f28799903806991281a

  • SHA256

    8ce437b22df609ef044e937d4fcb5b711d2d5af31e0ef919ba20851dfae9fa57

  • SHA512

    9dabe4291e1f31fe956adaa573e255383ce02fc80dd50cea175c174cfb70d8e3a3cf7d68ec14e3d62aa42c885e0b90fe50e508c855084cd1f9723ad489293f23

Score
10/10

Malware Config

Targets

    • Target

      d5af0628161872a7715bbed443617e022d4d4275cf871c615a4a4a6021f4c79f

    • Size

      85KB

    • MD5

      7a45941305a7b20939257f9fdd30f39d

    • SHA1

      d689973704061d25b928229352db2a5394c2f52c

    • SHA256

      d5af0628161872a7715bbed443617e022d4d4275cf871c615a4a4a6021f4c79f

    • SHA512

      45d3ff42e59db13969adf069dbb7017ba5b349377dadcc18ac445f9aff0561a15cc3b54ab83818e64f175b9ca2ab7548d6a9059aaffa7ed0ddf62aa99cafd10e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks