Overview

overview

10

Static

static

8

blank.xlsm

windows7-x64

10

blank.xlsm

windows10-2004-x64

10

Resubmissions

10/10/2022, 13:31

221010-qscfcscbfk 10

10/10/2022, 13:27

221010-qqegyacbel 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    blank.xlsm

  • Size

    3KB

  • Sample

    221010-qqegyacbel

  • MD5

    303107e8bec176e787b30e554283d1b7

  • SHA1

    f7d998ee5ecfbc7d9f270ea74bb2fb16701fb272

  • SHA256

    2ebfb80cbbd66cb7fc4d2e18f7e89cde1dcf53fc987af376f08fd5ada63543e0

  • SHA512

    b6c56d1154e6e85a9d6e3efa78d6a3fb49a25acd432a79107f9b243f409df186bee2abaebdf75f9debed027587573214bd9e9a8249db909c706fc807c620b7a5

Score
10/10
macro

Malware Config

Targets

    • Target

      blank.xlsm

    • Size

      3KB

    • MD5

      303107e8bec176e787b30e554283d1b7

    • SHA1

      f7d998ee5ecfbc7d9f270ea74bb2fb16701fb272

    • SHA256

      2ebfb80cbbd66cb7fc4d2e18f7e89cde1dcf53fc987af376f08fd5ada63543e0

    • SHA512

      b6c56d1154e6e85a9d6e3efa78d6a3fb49a25acd432a79107f9b243f409df186bee2abaebdf75f9debed027587573214bd9e9a8249db909c706fc807c620b7a5

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks