Overview

overview

10

Static

static

8

0f7ec3a801...40.xls

windows7-x64

10

0f7ec3a801...40.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f7ec3a801cc90161cc7e5d084a9d68950906da65669bd6aafedaff03202ad40

  • Size

    133KB

  • Sample

    221125-qclzvsdc9t

  • MD5

    10b4176d931905cc393c592c73034474

  • SHA1

    e803d297b3c85e56eba83a00763df957632a45c7

  • SHA256

    0f7ec3a801cc90161cc7e5d084a9d68950906da65669bd6aafedaff03202ad40

  • SHA512

    5b8f56ade7582e309cdd101e8e299f32d176ca30743eba7830f34f4fbc76bb3480e8eecdee0f3f9733aa962180833e124c1bafd0808006972aa8e20f050fe50b

  • SSDEEP

    3072:Wrl6Nc7yRzs1H75wkZUgsQ6NqTBun5oxJWVbrzQ7ITk3mXJtXwIp:Al6Nc7yRzs1H75wkZUgsQ6NqTBun5ox4

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      0f7ec3a801cc90161cc7e5d084a9d68950906da65669bd6aafedaff03202ad40

    • Size

      133KB

    • MD5

      10b4176d931905cc393c592c73034474

    • SHA1

      e803d297b3c85e56eba83a00763df957632a45c7

    • SHA256

      0f7ec3a801cc90161cc7e5d084a9d68950906da65669bd6aafedaff03202ad40

    • SHA512

      5b8f56ade7582e309cdd101e8e299f32d176ca30743eba7830f34f4fbc76bb3480e8eecdee0f3f9733aa962180833e124c1bafd0808006972aa8e20f050fe50b

    • SSDEEP

      3072:Wrl6Nc7yRzs1H75wkZUgsQ6NqTBun5oxJWVbrzQ7ITk3mXJtXwIp:Al6Nc7yRzs1H75wkZUgsQ6NqTBun5ox4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks