Overview

overview

10

Static

static

8

Order.82740.xlsb

windows7_x64

10

Order.82740.xlsb

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order.82740.xlsb

  • Size

    188KB

  • Sample

    211020-zf2n6aheh5

  • MD5

    c5f24bbd26b06ae27bf81a21243bcde8

  • SHA1

    d0d0ad8794f4d5011bb136451913740a3edd51e1

  • SHA256

    0fbb5ea846a4d09bbb9fee01889ac1205b57b90c0a23813ef49a8f49cb66dc9d

  • SHA512

    6a3dada8178896cfc21f78a58dca020d777620621ea545e98c11a8cbdde9593f378fcf7d516889a1bc7b7badea7ff64e64f567ef692a8d17bc53902c6bd6599e

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      Order.82740.xlsb

    • Size

      188KB

    • MD5

      c5f24bbd26b06ae27bf81a21243bcde8

    • SHA1

      d0d0ad8794f4d5011bb136451913740a3edd51e1

    • SHA256

      0fbb5ea846a4d09bbb9fee01889ac1205b57b90c0a23813ef49a8f49cb66dc9d

    • SHA512

      6a3dada8178896cfc21f78a58dca020d777620621ea545e98c11a8cbdde9593f378fcf7d516889a1bc7b7badea7ff64e64f567ef692a8d17bc53902c6bd6599e

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks