Overview

overview

10

Static

static

8

a21ea9adb9...27.xls

windows7-x64

10

a21ea9adb9...27.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a21ea9adb97fe5701d6e7f66bf34e942355038edfb46b499805238543274c627

  • Size

    116KB

  • Sample

    221122-1wv2zsea5s

  • MD5

    df1045b91341f9edd742318a27e16ec3

  • SHA1

    6b3dc1972bc1e1451d3a5073ec8af461e011e766

  • SHA256

    a21ea9adb97fe5701d6e7f66bf34e942355038edfb46b499805238543274c627

  • SHA512

    6662905300db23a7c28db58c1e7b0183d496426ef0627e562578c795ea3f46d96c3c3c09c7e04d353de31f40453847f5d88f3a6e5a7d9a31486a40ac793c368c

  • SSDEEP

    1536:8kkkI8iEh1tQGxWicdkmeXDXZ95sALLIY0oOTgWvbrzQ744TkR62bRgeOEgScJtb:lfWvbrzQ7PTk9SBJtXwX2

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a21ea9adb97fe5701d6e7f66bf34e942355038edfb46b499805238543274c627

    • Size

      116KB

    • MD5

      df1045b91341f9edd742318a27e16ec3

    • SHA1

      6b3dc1972bc1e1451d3a5073ec8af461e011e766

    • SHA256

      a21ea9adb97fe5701d6e7f66bf34e942355038edfb46b499805238543274c627

    • SHA512

      6662905300db23a7c28db58c1e7b0183d496426ef0627e562578c795ea3f46d96c3c3c09c7e04d353de31f40453847f5d88f3a6e5a7d9a31486a40ac793c368c

    • SSDEEP

      1536:8kkkI8iEh1tQGxWicdkmeXDXZ95sALLIY0oOTgWvbrzQ744TkR62bRgeOEgScJtb:lfWvbrzQ7PTk9SBJtXwX2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks