Overview

overview

10

Static

static

8

a997e1b9b9...9b.xls

windows7-x64

10

a997e1b9b9...9b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a997e1b9b9b89540bd374299b18e30dde4137a2d28ea90b071aecf1b0e43449b

  • Size

    111KB

  • Sample

    221123-yzcnpsbd95

  • MD5

    46a97ec83219459effa22712c46ff18d

  • SHA1

    9fbc8b05e2294c0e3c072763e3ec5c3061d458f9

  • SHA256

    a997e1b9b9b89540bd374299b18e30dde4137a2d28ea90b071aecf1b0e43449b

  • SHA512

    2a9381324a4607b73eb80aca11f3601537f59f2236b1ed2817d256f72288f02b9d6ef3cd2a6d67a4d8cd95af26abce6b779519c01e6fab04007549afc4d8ae23

  • SSDEEP

    1536:7SXLXdG4fgkWVbrEKJfQ7ITkR62NCsY7nJdMcOu4/WwF15zM2M/MjaS:0dGUWVbr51Q7ITk9w4Bu5kOS

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a997e1b9b9b89540bd374299b18e30dde4137a2d28ea90b071aecf1b0e43449b

    • Size

      111KB

    • MD5

      46a97ec83219459effa22712c46ff18d

    • SHA1

      9fbc8b05e2294c0e3c072763e3ec5c3061d458f9

    • SHA256

      a997e1b9b9b89540bd374299b18e30dde4137a2d28ea90b071aecf1b0e43449b

    • SHA512

      2a9381324a4607b73eb80aca11f3601537f59f2236b1ed2817d256f72288f02b9d6ef3cd2a6d67a4d8cd95af26abce6b779519c01e6fab04007549afc4d8ae23

    • SSDEEP

      1536:7SXLXdG4fgkWVbrEKJfQ7ITkR62NCsY7nJdMcOu4/WwF15zM2M/MjaS:0dGUWVbr51Q7ITk9w4Bu5kOS

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks