Overview

overview

10

Static

static

8

eb9a7b82c9...54.xls

windows7-x64

10

eb9a7b82c9...54.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb9a7b82c9366b324df9fa233018245df9141c65b6f987b3abe12e99ea377054

  • Size

    100KB

  • Sample

    221125-n9tpvsae8s

  • MD5

    e9b2d82f97dc682f9e1f189a0a5d5d44

  • SHA1

    be5728db9fb33fe44279c85fd952b87abec7174b

  • SHA256

    eb9a7b82c9366b324df9fa233018245df9141c65b6f987b3abe12e99ea377054

  • SHA512

    5ee9751be35f23f9c8f0c8b28648abe2acc627572c8527882540baf0d5e25e44e31c9efcf9eaff33f65280f1c37b19a4f0adcc4551334a7a3fc7f1d4a60f7427

  • SSDEEP

    3072:nNl6Nc7yRzs1H75wkZUgsQ6NqTBun5ox2jcc0lbxOrn/vX1qiRb:Nl6Nc7yRzs1H75wkZUgsQ6NqTBun5oIJ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      eb9a7b82c9366b324df9fa233018245df9141c65b6f987b3abe12e99ea377054

    • Size

      100KB

    • MD5

      e9b2d82f97dc682f9e1f189a0a5d5d44

    • SHA1

      be5728db9fb33fe44279c85fd952b87abec7174b

    • SHA256

      eb9a7b82c9366b324df9fa233018245df9141c65b6f987b3abe12e99ea377054

    • SHA512

      5ee9751be35f23f9c8f0c8b28648abe2acc627572c8527882540baf0d5e25e44e31c9efcf9eaff33f65280f1c37b19a4f0adcc4551334a7a3fc7f1d4a60f7427

    • SSDEEP

      3072:nNl6Nc7yRzs1H75wkZUgsQ6NqTBun5ox2jcc0lbxOrn/vX1qiRb:Nl6Nc7yRzs1H75wkZUgsQ6NqTBun5oIJ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks