Overview

overview

10

Static

static

8

Invoice_477336.xlsm

windows7_x64

10

Invoice_477336.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_477336.xlsm

  • Size

    331KB

  • Sample

    210728-6jscwcavsa

  • MD5

    e96dda1d1584df4f55cb661a85338e25

  • SHA1

    2146bbc486e5fb847196f18160e41ce9387fcb4c

  • SHA256

    78288f10031cf16e3400b5347cf525e74fb0a291a33931ee8dcd82e56a9aa6fd

  • SHA512

    91e2b6bc3aea177f8e999f970400fc4408f5e9f13339df83a6e3a7d46ffdd129397ac0b185f22609f1245df184db84e615e2ebaa26d52ad98323e31892009f83

Score
10/10
macro

Malware Config

Targets

    • Target

      Invoice_477336.xlsm

    • Size

      331KB

    • MD5

      e96dda1d1584df4f55cb661a85338e25

    • SHA1

      2146bbc486e5fb847196f18160e41ce9387fcb4c

    • SHA256

      78288f10031cf16e3400b5347cf525e74fb0a291a33931ee8dcd82e56a9aa6fd

    • SHA512

      91e2b6bc3aea177f8e999f970400fc4408f5e9f13339df83a6e3a7d46ffdd129397ac0b185f22609f1245df184db84e615e2ebaa26d52ad98323e31892009f83

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks