Overview

overview

10

Static

static

8

Invoice-99...3.xlsb

windows7_x64

10

Invoice-99...3.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice-99428_20211013.xlsb

  • Size

    210KB

  • Sample

    211018-tkxm4sdhb4

  • MD5

    835c76d02602c0833b477988674e2415

  • SHA1

    b2ae011f43a9c216bb96cc163f5de047adc118fe

  • SHA256

    bff9c14f4db658c567414f048f129298c5911861a4713fb2e6bfefc022c9aa36

  • SHA512

    05eefe0c4794545fbde917aa836fd8e1fd7e6a10586929c21f6ec60b962b8fa3c04464e04dc8b3ef25bad91835f4483eb3348d53a9c08405648679cc6ed5e221

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      Invoice-99428_20211013.xlsb

    • Size

      210KB

    • MD5

      835c76d02602c0833b477988674e2415

    • SHA1

      b2ae011f43a9c216bb96cc163f5de047adc118fe

    • SHA256

      bff9c14f4db658c567414f048f129298c5911861a4713fb2e6bfefc022c9aa36

    • SHA512

      05eefe0c4794545fbde917aa836fd8e1fd7e6a10586929c21f6ec60b962b8fa3c04464e04dc8b3ef25bad91835f4483eb3348d53a9c08405648679cc6ed5e221

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks