Overview

overview

10

Static

static

8

COH_Paymen...97.xls

windows7-x64

1

COH_Paymen...97.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    COH_Payment_Advice_Note_0009887897.xls

  • Size

    231KB

  • Sample

    220818-pxy99aeecp

  • MD5

    77a95d9806abdae032acc1eaf65e2483

  • SHA1

    ab863fbd9286887f9976d40634e42579bf2ab3e5

  • SHA256

    3e90b28232eeea2c1c050b30dae7d62595131b123927b7cec37805bf2bd96d28

  • SHA512

    5fb5742d49115f129efdbc77b8983e91d1f38dc1f91bf514abd94ca39a367ab3c8400847a49cb51cfecdf15839d00f363c8d6823edbe050bc6007ae014bedb02

  • SSDEEP

    6144:6yVcrHi8ATfodfysD1m2ILr/p4uYFtOyx/50Gfy6ZO:aHfAro31mxLeuYFtRT0

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      COH_Payment_Advice_Note_0009887897.xls

    • Size

      231KB

    • MD5

      77a95d9806abdae032acc1eaf65e2483

    • SHA1

      ab863fbd9286887f9976d40634e42579bf2ab3e5

    • SHA256

      3e90b28232eeea2c1c050b30dae7d62595131b123927b7cec37805bf2bd96d28

    • SHA512

      5fb5742d49115f129efdbc77b8983e91d1f38dc1f91bf514abd94ca39a367ab3c8400847a49cb51cfecdf15839d00f363c8d6823edbe050bc6007ae014bedb02

    • SSDEEP

      6144:6yVcrHi8ATfodfysD1m2ILr/p4uYFtOyx/50Gfy6ZO:aHfAro31mxLeuYFtRT0

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks