Overview

overview

10

Static

static

8

d4adabf4fe...3b.xls

windows7_x64

10

d4adabf4fe...3b.xls

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4adabf4fe8f30c45b4e5fe446fdcad3ff8718567e0529f73ac9aa6e9a9cbc3b

  • Size

    103KB

  • Sample

    220520-1n72kshceq

  • MD5

    a1a54d4025c8804a76c1d39a85d472cc

  • SHA1

    d28b2b8cb5be22b15bb05d53edba8b3881925335

  • SHA256

    d4adabf4fe8f30c45b4e5fe446fdcad3ff8718567e0529f73ac9aa6e9a9cbc3b

  • SHA512

    ec6a1e0426c514c4ded2fdd3c86c1c573af9013ee58467eec3a72c73ddb573ab38e2c052417c144b13d6493a99fbf37f946076799cac798e6ad368fd3511111c

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      d4adabf4fe8f30c45b4e5fe446fdcad3ff8718567e0529f73ac9aa6e9a9cbc3b

    • Size

      103KB

    • MD5

      a1a54d4025c8804a76c1d39a85d472cc

    • SHA1

      d28b2b8cb5be22b15bb05d53edba8b3881925335

    • SHA256

      d4adabf4fe8f30c45b4e5fe446fdcad3ff8718567e0529f73ac9aa6e9a9cbc3b

    • SHA512

      ec6a1e0426c514c4ded2fdd3c86c1c573af9013ee58467eec3a72c73ddb573ab38e2c052417c144b13d6493a99fbf37f946076799cac798e6ad368fd3511111c

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks