Overview

overview

10

Static

static

8

Payment Advice.xls

windows7-x64

10

Payment Advice.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment Advice.xls

  • Size

    124KB

  • Sample

    220818-xvcmgaaehp

  • MD5

    873c90af6836b2ad3cce748e99d1b0bd

  • SHA1

    266f7f7ac7890227852a996d5f71bf09483616df

  • SHA256

    9465c35c652271b12b696f88d353149641b74c354d955753e10ee14424e84f88

  • SHA512

    e52eeebb1997b795331fac921dee3e831bd1cc44a73921e2bc5454bb56e3b68f7313aa90fc8bf8519e0afc1fff68ae5850dcfa8e2d2bdc404dd5e9774878d071

  • SSDEEP

    3072:Mk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJbE22h6hu5LmZADuohIliIsz:Mk3hOdsylKlgxopeiBNhZF+E+W2kdAKV

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      Payment Advice.xls

    • Size

      124KB

    • MD5

      873c90af6836b2ad3cce748e99d1b0bd

    • SHA1

      266f7f7ac7890227852a996d5f71bf09483616df

    • SHA256

      9465c35c652271b12b696f88d353149641b74c354d955753e10ee14424e84f88

    • SHA512

      e52eeebb1997b795331fac921dee3e831bd1cc44a73921e2bc5454bb56e3b68f7313aa90fc8bf8519e0afc1fff68ae5850dcfa8e2d2bdc404dd5e9774878d071

    • SSDEEP

      3072:Mk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJbE22h6hu5LmZADuohIliIsz:Mk3hOdsylKlgxopeiBNhZF+E+W2kdAKV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks