0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea | Triage

Submit
Reports

Overview

overview

Static

static

8

0d2d6881a1...ea.xls

windows7-x64

0d2d6881a1...ea.xls

windows10-2004-x64

1

Resubmissions

23-11-2022 09:41

221123-ln2ggabh29 10

22-11-2022 22:00

221122-1wslvsea4y 10

Sharing

General

Target

0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea
Size

308KB
Sample

221123-ln2ggabh29
MD5

42a76635b4ce4e7bf708a738ab24ed6a
SHA1

3add63d07d71fa58aec69ddfb74f61e8a0556999
SHA256

0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea
SHA512

1b7dcef7644e68ca5352090efab7cf5467a1f590e34993d2a4d5f9bec8ca367772de932e2341ad34cf9610402d0e089c41c178000bd47b753a234e03849566e0
SSDEEP

6144:2l6Nc7yRzs1H75wkZUgsQ6NqTBun5oOFRynDDaU05XQ/zuqsfqHh7dClDwXP+ZrZ:FynDdJzkf0CSXPQo1Nf

Score

10^/10

evasion macro macro_on_action persistence xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea.xls

Resource

win7-20221111-en

evasion macro macro_on_action persistence xlm

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea.xls

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea
- Size
  
  308KB
- MD5
  
  42a76635b4ce4e7bf708a738ab24ed6a
- SHA1
  
  3add63d07d71fa58aec69ddfb74f61e8a0556999
- SHA256
  
  0d2d6881a1217e2d4fac370e22db7cc094d3a95c46b74957541ae8fcd20e3fea
- SHA512
  
  1b7dcef7644e68ca5352090efab7cf5467a1f590e34993d2a4d5f9bec8ca367772de932e2341ad34cf9610402d0e089c41c178000bd47b753a234e03849566e0
- SSDEEP
  
  6144:2l6Nc7yRzs1H75wkZUgsQ6NqTBun5oOFRynDDaU05XQ/zuqsfqHh7dClDwXP+ZrZ:FynDdJzkf0CSXPQo1Nf
Score

10^/10

evasion macro macro_on_action persistence xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionmacromacro_on_actionpersistencexlm

behavioral2

© 2018-2024

Terms | Privacy