Overview

overview

10

Static

static

8

ddbc8febc1...90.xls

windows7-x64

10

ddbc8febc1...90.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddbc8febc1110bcc2fb1369b93b7bcd101b94d30e86a361845858b483521cd90

  • Size

    86KB

  • Sample

    221125-kjamhsea65

  • MD5

    71643ef193ce19510bb0dea299f4389c

  • SHA1

    9c0cc2cea1d7262fed71ef06b4be9d7c7570d37f

  • SHA256

    ddbc8febc1110bcc2fb1369b93b7bcd101b94d30e86a361845858b483521cd90

  • SHA512

    6eb503427b13199e7b7edd6de79f7a9f8e33943f6dd0248a7f1de6af9f1a4e1272dc486474d65ee7123504294f9197c0ebe182d77b47db81e856fd6b8e1834bf

  • SSDEEP

    1536:FNNNhAc9br+Ln2jcc0lbxOvTgZEM88ScJbXw0FA:f+2jcc0lbxOrQjhJbXwcA

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ddbc8febc1110bcc2fb1369b93b7bcd101b94d30e86a361845858b483521cd90

    • Size

      86KB

    • MD5

      71643ef193ce19510bb0dea299f4389c

    • SHA1

      9c0cc2cea1d7262fed71ef06b4be9d7c7570d37f

    • SHA256

      ddbc8febc1110bcc2fb1369b93b7bcd101b94d30e86a361845858b483521cd90

    • SHA512

      6eb503427b13199e7b7edd6de79f7a9f8e33943f6dd0248a7f1de6af9f1a4e1272dc486474d65ee7123504294f9197c0ebe182d77b47db81e856fd6b8e1834bf

    • SSDEEP

      1536:FNNNhAc9br+Ln2jcc0lbxOvTgZEM88ScJbXw0FA:f+2jcc0lbxOrQjhJbXwcA

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks