Overview

overview

10

Static

static

8

e8c5695d41...0b.xls

windows7-x64

10

e8c5695d41...0b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e8c5695d419e46b333cf085ffe84813db1c85643415900d075c0bd46a311460b

  • Size

    97KB

  • Sample

    221125-qchmfadc8z

  • MD5

    7692ff912b0f31f8611b86693a99428b

  • SHA1

    5b0199a84bfc3e32cfbd5aa2d8f0203d5783c9a5

  • SHA256

    e8c5695d419e46b333cf085ffe84813db1c85643415900d075c0bd46a311460b

  • SHA512

    c944303d84d3e28ba7955421e0e14c9de1fb5653aa512b65f9a30fe8d9af08c51647a62ab74cfe93c42f82d833067ed6cd562faa894a6dd6712f87c0f6abfe99

  • SSDEEP

    1536:3IIIIkK1FSN1ebnuCWVb9TZuSzQ7ITkR62lIM88S6JtXwRZM2M/MkpR0q:nWVb9T1zQ7ITk97jDJtXws5kkiq

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      e8c5695d419e46b333cf085ffe84813db1c85643415900d075c0bd46a311460b

    • Size

      97KB

    • MD5

      7692ff912b0f31f8611b86693a99428b

    • SHA1

      5b0199a84bfc3e32cfbd5aa2d8f0203d5783c9a5

    • SHA256

      e8c5695d419e46b333cf085ffe84813db1c85643415900d075c0bd46a311460b

    • SHA512

      c944303d84d3e28ba7955421e0e14c9de1fb5653aa512b65f9a30fe8d9af08c51647a62ab74cfe93c42f82d833067ed6cd562faa894a6dd6712f87c0f6abfe99

    • SSDEEP

      1536:3IIIIkK1FSN1ebnuCWVb9TZuSzQ7ITkR62lIM88S6JtXwRZM2M/MkpR0q:nWVb9T1zQ7ITk97jDJtXws5kkiq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks