Overview

overview

10

Static

static

8

de3dd2e27d...3c.xls

windows7-x64

10

de3dd2e27d...3c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de3dd2e27d138edf9d5def5572df51e2dab1c3d366532af3e324de2713749b3c

  • Size

    101KB

  • Sample

    221125-x38pwacg7v

  • MD5

    de589c737d0ebd20c0644ad9d3f16dab

  • SHA1

    cf55137adb534f323b56b53c0610cf72f53cecc0

  • SHA256

    de3dd2e27d138edf9d5def5572df51e2dab1c3d366532af3e324de2713749b3c

  • SHA512

    f5df525bd49dadd0d2def6c6572aa396476fdd3a9a4b9287076859d1adb3752996dfe8834ca50d64bb643e39a1dd822fe07ee20a22f616318f1547f6b8b34c69

  • SSDEEP

    1536:gHHHP/Wzz2NwgeEWVbrzQ7IuYkbA23pVOeXcJtXwi9d/WF:cWVbrzQ7IRkZ3/MJtXwAd/WF

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      de3dd2e27d138edf9d5def5572df51e2dab1c3d366532af3e324de2713749b3c

    • Size

      101KB

    • MD5

      de589c737d0ebd20c0644ad9d3f16dab

    • SHA1

      cf55137adb534f323b56b53c0610cf72f53cecc0

    • SHA256

      de3dd2e27d138edf9d5def5572df51e2dab1c3d366532af3e324de2713749b3c

    • SHA512

      f5df525bd49dadd0d2def6c6572aa396476fdd3a9a4b9287076859d1adb3752996dfe8834ca50d64bb643e39a1dd822fe07ee20a22f616318f1547f6b8b34c69

    • SSDEEP

      1536:gHHHP/Wzz2NwgeEWVbrzQ7IuYkbA23pVOeXcJtXwi9d/WF:cWVbrzQ7IRkZ3/MJtXwAd/WF

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks