6dcf9151d6ca4049770fcb1265085e31f300cdf2690d8381af4c117d1bf51ff7

Sharing

Copy URL

Twitter E-mail

General

Target

6dcf9151d6ca4049770fcb1265085e31f300cdf2690d8381af4c117d1bf51ff7
Size

194KB
Sample

221124-hvzdxaaf61
MD5

46573e47ddad749bc837123b4b02a447
SHA1

8055b2620224214c4cfb29e0b8c9b3a52a4d88dd
SHA256

6dcf9151d6ca4049770fcb1265085e31f300cdf2690d8381af4c117d1bf51ff7
SHA512

193fa4f773b62ec3ed7d18e19f7f8c26d34038727ba560b2a4932a8471f7e451269fc9ba8432af54c33cc6bca4ba1f34f93d1471734194f9dd88a96471c4698c
SSDEEP

6144:dgwH54EKIttUl3vFQlNDRK+4po+xDYTSDtQ:uwHKEKKQsD0+/+xvDy

Score

10^/10

macro xlm

Malware Config

Targets

- Target
  
  工程造价汇总表.xls
- Size
  
  86KB
- MD5
  
  f0dd2dbd92fa059aba0849c365a898cd
- SHA1
  
  803b525b29d7e0670b6a99e5850239e180da3f6f
- SHA256
  
  0c96d51f4643243439674af801b0fdf0fa7b1b1b1c0eaa164a9e07e73ea66372
- SHA512
  
  a545af07a4162ab244b2a15ef927ef97c04b1e0b3cfa3781a51d289199f9ca2acff50dae084f88391f9236681a5dc0331fd1b252fbae93b2ff47e91c26e7dab1
- SSDEEP
  
  1536:ymmmmCC37z8nY2jcc0lbxOvTgZEM88ScJbXwzlAs:q2jcc0lbxOrQjhJbXwZL
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral1 behavioral2
- Target
  
  鸦岗(一期)保障性住房项目-清单封面.xls
- Size
  
  95KB
- MD5
  
  cd182977f1d514b9f42ee53fd6872f39
- SHA1
  
  d6d44e605c5451e8ce6b53e71b67231f9488551b
- SHA256
  
  906108194bd83bcb3f818cb02e0e0676a4641cd71be3059db5ab5f8b38784075
- SHA512
  
  6ab68849318e99aefa0e236772600db99d5f365105dff949dd60b5e4806d10b8a20383c7b6ac894c830c4db14634ca5c41758efea1587dea00e3052a40d70761
- SSDEEP
  
  1536:zfffJyfQksFlK6VJOufFtMTyruR4/e4UzZ95I3bvWVbrzcmY7ITkiD2lAkpE9cJw:U/ibWVbrzu7ITkDfpE2J9Xw45kXeHO
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral3 behavioral4
- Target
  
  鸦岗(一期)项目临时道路工程.xls
- Size
  
  117KB
- MD5
  
  ceb7c379a75a0d98ebb1b11540318549
- SHA1
  
  770a9df494f19796f5b4ad7e205ff3a0c1497cd9
- SHA256
  
  8c00002fe7f384889193a10a02ad84718be270e2d5f853206da19ffefc501113
- SHA512
  
  6998eff8d45e0aa81e45a5d3e662d65064825fc837ae8369543c53f09094bec4ffca0949d79445e48b5fa0a03dbad471b725276dd5a5c5b797c90de3ee54f6f1
- SSDEEP
  
  1536:ehZzcxUjN1NNNNNNNNNthJJJJJJJJ65M5xw36i6bRb6nEXv8SK7G0EdH:spx3Fi6bRb6nEXv8DiTH
Score

1^/10
behavioral5 behavioral6
- Target
  
  鸦岗(一期)项目围墙工程.xls
- Size
  
  111KB
- MD5
  
  f072802a65446f06507a083901410de5
- SHA1
  
  07065594c73980d7bbe90c08a02c6be34ba04395
- SHA256
  
  85fa5fa95e65ae7b401b97345dcc4ada80ff27727cd04edb27001fc31b8519e0
- SHA512
  
  f4ac54da38dbf3fc006c3373264215449748a3a12b4e2bb1530036297a7d475bd36ecbc5864e236f63ef9c15986ddadb011605ba86d842470a940cb5937499b6
- SSDEEP
  
  1536:ih5T8R9JJJJJJJJJxfmwH7Xk9KLYx+/Mj9g2L2L9NJUbK:J9H7Xk9KLYx+/MJfoAK
Score

1^/10
behavioral7 behavioral8
- Target
  
  鸦岗(一期)项目基坑支护及土石方工程.xls
- Size
  
  225KB
- MD5
  
  d95513314d289d81ac50d472e72c4c4d
- SHA1
  
  877d9e12bb469e6b52220c6b26bad85337b3d68a
- SHA256
  
  90a8ed62942b48191d73188e9e8baff46077de97b69fecc17dbf6e964e77525d
- SHA512
  
  dfb76f9fcd851ab912dcd5d17838760b7b8540cd2baf45be4cd5d23c07a4c8be2beab71a4a801f917ecd548dd85b54697d6cb63ab274ceacbaa137971224d034
- SSDEEP
  
  3072:1YjPEOOPTguRLMZBcSOhAA/MCXxl+ZWVbihlzQ7ITk9I03L3FoJLXwN5kBNb:RAZ2SO2YMCXqdS3L3Y
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral10 behavioral9
- Target
  
  鸦岗(一期)项目安保监控系统工程.xls
- Size
  
  138KB
- MD5
  
  f870c4716e98b1d512ab2ec19cda9603
- SHA1
  
  cc81de11f9582f5de36f2a38d181e0888199ac4a
- SHA256
  
  d390025534cfd19164ec259f5b1d29b8473d319c5dd8e878492854139141d7bf
- SHA512
  
  74e0069f50ce8c627cfcc4aa70447707a8d3a351136cfc2f1ab081524841bf184bad88c54ef2c7c9d682276c6bfc40821ec90c1072b5401bf2a3cd850c0aa486
- SSDEEP
  
  3072:LyyYBK6bR/Wn/cDQCX3Ds3Pc/XmjN1MoCZ20:exdTa/8
Score

1^/10
behavioral11 behavioral12
- Target
  
  鸦岗(一期)项目排水排污工程.xls
- Size
  
  108KB
- MD5
  
  7fda23c0b94d15f0a9324de860a6114b
- SHA1
  
  f6fe8eb1d8639aa801e392173f68796061d4ee7e
- SHA256
  
  b237b57457561ba918388123c7d41b6a439e6f9cadf0e59c10dcec5dc927b7cd
- SHA512
  
  fb3fe1b03175da3a1f3956008e6d2d690e3d0e5583433184b3f122d6d266a9a5852d059175a233e4baaedd71f0227e7415eeb914578b393b65e62b6936a76302
- SSDEEP
  
  1536:LB64/SGuJJJJJJJJJVKscXcZO+0K7gFt8:RwM8
Score

1^/10
behavioral13 behavioral14
- Target
  
  鸦岗(一期)项目桥梁工程.xls
- Size
  
  113KB
- MD5
  
  025c92f45c07293a3749e24378a8853e
- SHA1
  
  de6dd7b30a0a06b3517637d79e26021e07e29dae
- SHA256
  
  2bd87af962d70c7f128b36f1bee8b7daf2310bbb9e2d92df1d9f99451470114a
- SHA512
  
  b377c84a44e87d6fb95cea25732913876b180448d0632de746d2b1e81aec527f7e1bf8081f4700697941955a508b6f3abfbf236239a381904dc55006a0da6875
- SSDEEP
  
  1536:iJ9PoVK20YJJJJJJJJJaNOZNS6bRb6nOhv8xOT6t/t:70/sZNS6bRb6nOhv88T2t
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Hidden Files and Directories

T1158

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Process spawned unexpected child process

Deletes itself

Process spawned unexpected child process

Deletes itself

Process spawned unexpected child process

Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16