Overview

overview

10

Static

static

8

dcb68b8fe7...7e.xls

windows7-x64

10

dcb68b8fe7...7e.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcb68b8fe7cbba08c7ea48ebb66494668da72fff9b8bf1d693138b8d7809657e

  • Size

    106KB

  • Sample

    221125-pja1haga98

  • MD5

    31b08c99d7e8d6ca1bfdc06e2a87a17f

  • SHA1

    e3da1eceab782c6a10cc2e5a9ca87f1625e3454c

  • SHA256

    dcb68b8fe7cbba08c7ea48ebb66494668da72fff9b8bf1d693138b8d7809657e

  • SHA512

    f2539a651531832b30efd048f881c0e86a60e98a050a17b565c359381762b47d33c97227c32ac1c5451b1293e07cde3de44099f0616f30abeb3d44f2deb09c9c

  • SSDEEP

    1536:Q44440N4D59FjutbhImP8OIzoWVbrzQhhrITkiD2EuO/WwF1J8+vM2M/M7HT:rTILuWVbrzQLrITkD3M/U5kDT

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      dcb68b8fe7cbba08c7ea48ebb66494668da72fff9b8bf1d693138b8d7809657e

    • Size

      106KB

    • MD5

      31b08c99d7e8d6ca1bfdc06e2a87a17f

    • SHA1

      e3da1eceab782c6a10cc2e5a9ca87f1625e3454c

    • SHA256

      dcb68b8fe7cbba08c7ea48ebb66494668da72fff9b8bf1d693138b8d7809657e

    • SHA512

      f2539a651531832b30efd048f881c0e86a60e98a050a17b565c359381762b47d33c97227c32ac1c5451b1293e07cde3de44099f0616f30abeb3d44f2deb09c9c

    • SSDEEP

      1536:Q44440N4D59FjutbhImP8OIzoWVbrzQhhrITkiD2EuO/WwF1J8+vM2M/M7HT:rTILuWVbrzQLrITkD3M/U5kDT

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks