Overview

overview

10

Static

static

8

91d283eb94...ab.xls

windows7-x64

10

91d283eb94...ab.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    91d283eb9428cbe236a75b5ada5bd069ecf7a4140f87bb248450d4c5aa791cab

  • Size

    99KB

  • Sample

    221125-qcjvhaab49

  • MD5

    4b6018a91c17f85799af251040b1d46d

  • SHA1

    7c567767d8ea4c94077bcc1a9dae992202b26fc7

  • SHA256

    91d283eb9428cbe236a75b5ada5bd069ecf7a4140f87bb248450d4c5aa791cab

  • SHA512

    8cd5f9ba2e0087a9963de12cf4416fa7ad298e9572ac33f4cc03faaf930472053fcb3e185bc8e2e50d10ef2215f07dd904d2331dfee24b5dae4a1a699f81da3f

  • SSDEEP

    3072:5hl6Nc7yRzs1H75wkZUgsUI4ukoRWGNmWVbrzQ7ITkN+2LX1qiD:3l6Nc7yRzs1H75wkZUgsUI4ukoRWGNEx

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      91d283eb9428cbe236a75b5ada5bd069ecf7a4140f87bb248450d4c5aa791cab

    • Size

      99KB

    • MD5

      4b6018a91c17f85799af251040b1d46d

    • SHA1

      7c567767d8ea4c94077bcc1a9dae992202b26fc7

    • SHA256

      91d283eb9428cbe236a75b5ada5bd069ecf7a4140f87bb248450d4c5aa791cab

    • SHA512

      8cd5f9ba2e0087a9963de12cf4416fa7ad298e9572ac33f4cc03faaf930472053fcb3e185bc8e2e50d10ef2215f07dd904d2331dfee24b5dae4a1a699f81da3f

    • SSDEEP

      3072:5hl6Nc7yRzs1H75wkZUgsUI4ukoRWGNmWVbrzQ7ITkN+2LX1qiD:3l6Nc7yRzs1H75wkZUgsUI4ukoRWGNEx

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks