General

  • Target

    eRYlaSz.xlsm

  • Size

    146KB

  • Sample

    211025-ebnarageaq

  • MD5

    a05a533e36ce44fa5d75c09d5c62f9a0

  • SHA1

    9dca548272f928f3cc187fd611405a567612c032

  • SHA256

    b85646a3a0061554fb664cf67b88485fc981c0fe8cda1e592e3730d8f61ca10b

  • SHA512

    a4bf707411dc114f25258c9de9e2e75779245609b8867cf60097138df1e2252e88441eb22564b78ad374677e5ab698b8c2204c916b4bee20ef79e50871eadf50

Score
10/10

Malware Config

Targets

    • Target

      eRYlaSz.xlsm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry

    1
    T1112

Discovery

  • Query Registry

    2
    T1012

  • System Information Discovery

    2
    T1082

Tasks