Overview

overview

10

Static

static

8

1051d8424f...cb.xls

windows7-x64

10

1051d8424f...cb.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1051d8424fbae2eb7605a6f6ec4a18c7f3365094a8be768dfd517d26c51b44cb

  • Size

    83KB

  • Sample

    221125-nyxblshg4y

  • MD5

    02b746f42a2b0f85de6fe66b12074c30

  • SHA1

    49d468a35df277d531b5d859d1927f95276923c5

  • SHA256

    1051d8424fbae2eb7605a6f6ec4a18c7f3365094a8be768dfd517d26c51b44cb

  • SHA512

    78feb028b2f188aa39fb82f60171a4acff3651a63eec587c9ad35441ad5b0db2043892c4f01dc39217328e06158f07e220b732911c0cd37c5dba89e0e599756b

  • SSDEEP

    1536:h2222y+v0c7wnCEVEyClEX2jcc0lbxOvTgZuIhY7nJdJoOd7cJtXwjrW:8EM2jcc0lbxOrC2AJtXw3W

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      1051d8424fbae2eb7605a6f6ec4a18c7f3365094a8be768dfd517d26c51b44cb

    • Size

      83KB

    • MD5

      02b746f42a2b0f85de6fe66b12074c30

    • SHA1

      49d468a35df277d531b5d859d1927f95276923c5

    • SHA256

      1051d8424fbae2eb7605a6f6ec4a18c7f3365094a8be768dfd517d26c51b44cb

    • SHA512

      78feb028b2f188aa39fb82f60171a4acff3651a63eec587c9ad35441ad5b0db2043892c4f01dc39217328e06158f07e220b732911c0cd37c5dba89e0e599756b

    • SSDEEP

      1536:h2222y+v0c7wnCEVEyClEX2jcc0lbxOvTgZuIhY7nJdJoOd7cJtXwjrW:8EM2jcc0lbxOrC2AJtXw3W

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks