Overview

overview

10

Static

static

8

9b5d412f58...67.xls

windows7-x64

10

9b5d412f58...67.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b5d412f58c74d052492defd3e1e84b1c9d239c82a7d49fdc6373c8402a6b567

  • Size

    191KB

  • Sample

    221121-pdd5zadd6y

  • MD5

    2adbd8d924a420631b9dda7e5218e750

  • SHA1

    135d6d452634523961ef47d69e562412576d24c7

  • SHA256

    9b5d412f58c74d052492defd3e1e84b1c9d239c82a7d49fdc6373c8402a6b567

  • SHA512

    b52d6cbc4493e5d4d9fd3b800727cf38555d4f9db36390a9461ad302d3970c74b8448deea4e2f4dd6cfe6cc9d7c7638a5e935b24074c13595de8987ea5f738a0

  • SSDEEP

    3072:S9stAbJJJOjf2eVeWoaPCkrPaQ49w+AKuWVbrzQ7ITk9pISaz5kuU6P:+s4J0PCkWnWV

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      9b5d412f58c74d052492defd3e1e84b1c9d239c82a7d49fdc6373c8402a6b567

    • Size

      191KB

    • MD5

      2adbd8d924a420631b9dda7e5218e750

    • SHA1

      135d6d452634523961ef47d69e562412576d24c7

    • SHA256

      9b5d412f58c74d052492defd3e1e84b1c9d239c82a7d49fdc6373c8402a6b567

    • SHA512

      b52d6cbc4493e5d4d9fd3b800727cf38555d4f9db36390a9461ad302d3970c74b8448deea4e2f4dd6cfe6cc9d7c7638a5e935b24074c13595de8987ea5f738a0

    • SSDEEP

      3072:S9stAbJJJOjf2eVeWoaPCkrPaQ49w+AKuWVbrzQ7ITk9pISaz5kuU6P:+s4J0PCkWnWV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks