Resubmissions

24-11-2021 17:59   211124-wk8rgsddbm   10
22-11-2021 14:46   211122-r5n6csagd6   10
22-11-2021 14:46   211122-r5csbsfgdp   10
22-11-2021 14:44   211122-r4kfsafgdn   10
22-11-2021 14:41   211122-r2x9vsfgcq   10
22-11-2021 14:20   211122-rneklaffgr   10
22-11-2021 14:15   211122-rkk8zaffgl   10
17-11-2021 06:51   211117-hm1l1aeefm   10
17-11-2021 06:37   211117-hdnk3seedn   10

General

  • Target

    865663204559_17_Nov_2021.xlsm

  • Size

    44KB

  • Sample

    211122-rkk8zaffgl

  • MD5

    477fd718bb764ffe3c5afde16c6c8dd2

  • SHA1

    eb932e19d95f88d64270d40cdc0b92c6d1cf63be

  • SHA256

    ee880ebdf26a1bcebe70a7ba17659199833c6107d758e26d37502bed9a225ee3

  • SHA512

    f7d0451ca3670179cc93a680b99f8982204c43054c55eb479c38dc8ea0ba6ba5b6ebea4508569091c07d95a759841455605e6daeab445146b29fc1af377ba267

Score
10/10

Malware Config

Targets

    • Target

      865663204559_17_Nov_2021.xlsm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks