General

  • Target

    Invoice_238880.xlsm

  • Size

    332KB

  • Sample

    210727-44hzx5y26n

  • MD5

    814593d39bfff7912ad3b235d72880f1

  • SHA1

    e22a41f3e27deb098f2b6663c174cf1ff2d8becc

  • SHA256

    f3b8f148365e3e24d29954ef8541d32bdf7da1f0bc644adf3a9bd702bb2b8e5f

  • SHA512

    d7fde5c8292b5cc2f0443c6ec593ec9c4a3a073d1c3f6c6a308471340e2247ae56ac269737474ca805244030d95bc55a898bb84771c07367e1411ae2dfded642

Score
10/10

Malware Config

Targets

    • Target

      Invoice_238880.xlsm

    • Size

      332KB

    • MD5

      814593d39bfff7912ad3b235d72880f1

    • SHA1

      e22a41f3e27deb098f2b6663c174cf1ff2d8becc

    • SHA256

      f3b8f148365e3e24d29954ef8541d32bdf7da1f0bc644adf3a9bd702bb2b8e5f

    • SHA512

      d7fde5c8292b5cc2f0443c6ec593ec9c4a3a073d1c3f6c6a308471340e2247ae56ac269737474ca805244030d95bc55a898bb84771c07367e1411ae2dfded642

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks