Overview

overview

10

Static

static

8

6140a72a9a...c9.xls

windows7-x64

10

6140a72a9a...c9.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6140a72a9ae488ff2e256a661512f60d789bbc7ba78ee704b8cd4ebdf04878c9

  • Size

    115KB

  • Sample

    221121-pdgk4ahg24

  • MD5

    3bf774e7fe82f98908b7166cd8e6ed30

  • SHA1

    afed71ea48194518f8909ee7220c99d2bac0e2f4

  • SHA256

    6140a72a9ae488ff2e256a661512f60d789bbc7ba78ee704b8cd4ebdf04878c9

  • SHA512

    850024dedd8b915ea857fb5c536cfcc39003622f6b392645bd314283011433c41219aa117fd58fbdd07b3095b3eb1d4cf6509d8598156c697bb2044a2dcda28a

  • SSDEEP

    3072:45ul6Nc7yRzs1H75wkZUgsioAOO+jIcrbpWVbrzxG7ITk9H2AJtXwUekF:jl6Nc7yRzs1H75wkZUgsioAOO+jIcre2

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      6140a72a9ae488ff2e256a661512f60d789bbc7ba78ee704b8cd4ebdf04878c9

    • Size

      115KB

    • MD5

      3bf774e7fe82f98908b7166cd8e6ed30

    • SHA1

      afed71ea48194518f8909ee7220c99d2bac0e2f4

    • SHA256

      6140a72a9ae488ff2e256a661512f60d789bbc7ba78ee704b8cd4ebdf04878c9

    • SHA512

      850024dedd8b915ea857fb5c536cfcc39003622f6b392645bd314283011433c41219aa117fd58fbdd07b3095b3eb1d4cf6509d8598156c697bb2044a2dcda28a

    • SSDEEP

      3072:45ul6Nc7yRzs1H75wkZUgsioAOO+jIcrbpWVbrzxG7ITk9H2AJtXwUekF:jl6Nc7yRzs1H75wkZUgsioAOO+jIcre2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks