Overview

overview

10

Static

static

8

37be65afd0...ca.xls

windows7-x64

10

37be65afd0...ca.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37be65afd0a78c66d9e4957443c84ea013a6971c521175fd9c698fa16409d9ca

  • Size

    826KB

  • Sample

    221125-lh41eagc39

  • MD5

    42ab5657763256ec9edb0610deac2938

  • SHA1

    1a9dae387f57bc924e52515965c84920bee2fbfc

  • SHA256

    37be65afd0a78c66d9e4957443c84ea013a6971c521175fd9c698fa16409d9ca

  • SHA512

    17762ffe7c7e2da720efdf0924adc9c5250f18e3002b5cc5e1e8db0952f6aa0d89cc22fdb2a7efcd54ff201c1bba17e7ee6dfdb6ad47d8bcbc6d45999651ef1f

  • SSDEEP

    6144:5k3hOdsylKlgryzc4bNhZF+E+W2kQCAH8SD4HW44KwACfnVIGI70:tCCD

Score
10/10
macro

Malware Config

Targets

    • Target

      37be65afd0a78c66d9e4957443c84ea013a6971c521175fd9c698fa16409d9ca

    • Size

      826KB

    • MD5

      42ab5657763256ec9edb0610deac2938

    • SHA1

      1a9dae387f57bc924e52515965c84920bee2fbfc

    • SHA256

      37be65afd0a78c66d9e4957443c84ea013a6971c521175fd9c698fa16409d9ca

    • SHA512

      17762ffe7c7e2da720efdf0924adc9c5250f18e3002b5cc5e1e8db0952f6aa0d89cc22fdb2a7efcd54ff201c1bba17e7ee6dfdb6ad47d8bcbc6d45999651ef1f

    • SSDEEP

      6144:5k3hOdsylKlgryzc4bNhZF+E+W2kQCAH8SD4HW44KwACfnVIGI70:tCCD

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks