Resubmissions

22-11-2022 20:22

221122-y5189abc61 10

22-11-2022 20:11

221122-yyfc7sba41 10

General

  • Target

    Shields Business Solutions Inc. Payment.xlsx

  • Size

    432KB

  • Sample

    221122-yyfc7sba41

  • MD5

    d477e387ba700d5370d0bef98de4eb8b

  • SHA1

    ff544f6d0aea7e990d10cc442f3292fbb37d338c

  • SHA256

    852c0560d3e7917eccdbaf3013be43c0bd34fa39a92c56ba87d737ffe9f1c2f2

  • SHA512

    76bc77018bae2ef29cde11bb96de4dbf88530b5a0cb11a11e6d5743df4124daa54d17d1c05b56503cbb3507830512616fe62d677f23ea43f5cb34e7e82c41545

  • SSDEEP

    12288:T8q6Lnmb7c7TO+lnVFqwjymB8YwWl6Ieg2v7EUnEcE:Aq6Lm8XV/FymBF6I32vIDP

Targets

    • Target

      Shields Business Solutions Inc. Payment.xlsx

    • Size

      432KB

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.
