General

  • Target

    9c4efa12168b7c75250922cf3c7d400c6314b9fdc8103bfc88c8ea005f0e6cd7

  • Size

    79KB

  • Sample

    220521-agd7tadahk

  • MD5

    5682ed0db8c9a6e9535f13564d8680f3

  • SHA1

    5c1575c80cfcb0840324ee54e17f9ebae9e4a14d

  • SHA256

    9c4efa12168b7c75250922cf3c7d400c6314b9fdc8103bfc88c8ea005f0e6cd7

  • SHA512

    298ec6625ef37e1f0b744dcd3ebe84b93cbed117977bef9ce7c1bc347f3837d354c256e0ac6b3429bc7f9a1b7416742556372ba810af32c17ab479d6a20206cc

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks