General

  • Target

    file

  • Size

    201KB

  • Sample

    211015-sscr8sbggm

  • MD5

    0d2c5f0394eafbb88bddb3a758ccf758

  • SHA1

    e2dc6084fd8ff0e480337a53bc7524573fe100d0

  • SHA256

    16821be1fa2994d90e1fae9dd30d760652a0fdcd402159f79d94902aa7f58ab2

  • SHA512

    ac1ce30ab842a116dd319118ca62cdd9b8c886fe0611638afee98b081d74aa0dcac75228bcaa7eb1a79a339aa4a0e514d97efecbeda788dd58ad0116b0cadba5

Score
10/10

Malware Config

Targets

    • Target

      4a8d3e1f28dcddd8177e378b14b49dc0e23dad9772931f6616ce64ad17585fa7.xlsm

    • Size

      240KB

    • MD5

      f2bec56e09883a139201183f00f400a4

    • SHA1

      6183a3935e2552484f53f74a6d340f8f451fe0b7

    • SHA256

      4a8d3e1f28dcddd8177e378b14b49dc0e23dad9772931f6616ce64ad17585fa7

    • SHA512

      d7b871c1cbe9e7726457897e54068c1e801b552292a960822a60aacbdb5c4aec2129bc698ef8ff42741b76be3f56ebfed234718b763226f1b6e2efd6fa6a6121

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry: 1 (T1112)

Discovery

  • Query Registry: 2 (T1012)

  • System Information Discovery: 2 (T1082)

Tasks