Overview

overview

10

Static

static

8

c2a0602f7c...d7.xls

windows7-x64

10

c2a0602f7c...d7.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2a0602f7ca3e9ee29540192a9cf21606b0f0115a32b594f420cb0ba3e1692d7

  • Size

    163KB

  • Sample

    221119-31nvksgc24

  • MD5

    4ccdd474fd3cda73be1b15771aed0304

  • SHA1

    6c4d45cbee900ad862ab4cb09ea6244f99137715

  • SHA256

    c2a0602f7ca3e9ee29540192a9cf21606b0f0115a32b594f420cb0ba3e1692d7

  • SHA512

    8a1a6b792eb45c1c8dabd6d50056b5b7e97dc3d1c8ebc48cb51215f8af822c2a96f5d6c739e5d11e5fdffe52404add5664b097f9f99484e50b4a7c187021a0ca

  • SSDEEP

    3072:syh/sKqt53Nj54ygN0kAtPHS2jcc0lbxOrgPqJtXwwg:xhzqADAtPHCE

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c2a0602f7ca3e9ee29540192a9cf21606b0f0115a32b594f420cb0ba3e1692d7

    • Size

      163KB

    • MD5

      4ccdd474fd3cda73be1b15771aed0304

    • SHA1

      6c4d45cbee900ad862ab4cb09ea6244f99137715

    • SHA256

      c2a0602f7ca3e9ee29540192a9cf21606b0f0115a32b594f420cb0ba3e1692d7

    • SHA512

      8a1a6b792eb45c1c8dabd6d50056b5b7e97dc3d1c8ebc48cb51215f8af822c2a96f5d6c739e5d11e5fdffe52404add5664b097f9f99484e50b4a7c187021a0ca

    • SSDEEP

      3072:syh/sKqt53Nj54ygN0kAtPHS2jcc0lbxOrgPqJtXwwg:xhzqADAtPHCE

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks