fcaf6de09617f5e5b814582b6a19e947081ada037519dd8cde42cf99c23e9ca0 | Triage

Sharing

General

Target

fcaf6de09617f5e5b814582b6a19e947081ada037519dd8cde42cf99c23e9ca0
Size

60KB
Sample

221125-x3lv4scg2t
MD5

101c0c6f476715f253be504d9ed0e25e
SHA1

c64e6ad491950686f6790ab1a7f20527734219d0
SHA256

fcaf6de09617f5e5b814582b6a19e947081ada037519dd8cde42cf99c23e9ca0
SHA512

78178603aad3a400de957528d4334b895ee96b913e0f75d3bbd17caae774c4b4f57b4211e20432acc5741309a34a816fa3b850aedc2cd1bdd9b41de535713a18
SSDEEP

1536:1EIWOtW9HZGzRvK9ZKtF3MP8JS07067+VdP5c+0zZsEdkiX:MWvAKt9MUJS0gJLUPR

Score

10^/10

macro xlm

Malware Config

Targets

- Target
  
  博物馆/92(不合并)园林定额表.XLS
- Size
  
  25KB
- MD5
  
  5996b556ceb6e38168a0b068e16f9217
- SHA1
  
  473dfd69bf29449fa05b564a262d602625ec7927
- SHA256
  
  4d09357c779232e085d73b25b82708aa951d98e6f1270dd160d824a2b5d70bbd
- SHA512
  
  83bc66af84f2dfff121b99c2e3f8953e9e90ad1c3d2da35903a777caec326d7185ffab596cd76cb7c16f949a4fc416dea4c46766619862af2fc2409a687ce252
- SSDEEP
  
  384:agqqqe1IBR2kd4Ov0ylOQoj+Ex857uXdVS9WZgI:agqqqe1IBR2kd4Oc+uBx8mdQ9Wr
Score

1^/10
behavioral1 behavioral2
- Target
  
  博物馆/92仿古费用表.XLS
- Size
  
  88KB
- MD5
  
  a3ca7b671b6451cdcafd8f47a4e88e75
- SHA1
  
  a508ac5d96b1526c37a808f886c06dfe068fe5e9
- SHA256
  
  3b65f45b8ef1ae7e290bd79f6b4be830b8dcd3dd53ce4b2f3086c356170710a6
- SHA512
  
  85c144a33fdefe5e3b38d4a6b163a844b44605ee3ad60d664d31dcafbe622e35f55095e8b4929cce6e50ff5a7f18ff8064b1dccddd12c493cead5fa51c1f1fe9
- SSDEEP
  
  1536:i222y9MfecOg2jcc0lbxOvTgZsLcY7nJdFoOGIayWU2XKgb/:qg2jcc0lbxOr/p8baq/
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral3 behavioral4
- Target
  
  博物馆/92园林工程材料分析表全.XLS
- Size
  
  26KB
- MD5
  
  5fbb40af0cc5f9d4ba4d80a25248e300
- SHA1
  
  5fb5a04dcda19619a68dc13e6b65d9bfe1ebed5e
- SHA256
  
  bfab9bd640492cd422c28a4f65de99cf2c2d9a51b323ffa333b7650e240f78e0
- SHA512
  
  9078c84d053e46f7eabce5b4be2ecbbbf3d9a569e9a6020d4c4700f37b83a80ccecb0c333ddf4fbba0797a6d5b31e003b6fe98a74e97bc9d46c11893b6299f39
- SSDEEP
  
  384:ysMMMgt2nR2yCEHRK9egVc/wxCM2xkOgzrS4:LMMMgt2nR2JWK9egMwYM2FurS4
Score

1^/10
behavioral5 behavioral6
- Target
  
  博物馆/92园林费用表.XLS
- Size
  
  18KB
- MD5
  
  64c9f4ca4c70dd16adde4388c4c48e90
- SHA1
  
  0964fc33a455941517876ede8516d96689ee58ce
- SHA256
  
  4258d8d2b18499c8c037815731217bc9f6e27dfe9cb2002bd5447ffbf0fb1382
- SHA512
  
  cbd4a51fb2f0a5051e1cd41379d6553b4ac9e8000f662dd5b1b18171b55e6c481cbd899b74f8244e64ac4bbb773b8850b448b9da44a956206016ec58c00bd690
- SSDEEP
  
  96:yblgCiplplpl/Vbh2VR2GUPcdyg6+f22NQwXcmN74d2b8h6CMglejkpinItGrMx8:yPiplplpl/Fh+R20Qws59645
Score

1^/10
behavioral7 behavioral8
- Target
  
  博物馆/马店纪念馆维修.docx
- Size
  
  16KB
- MD5
  
  abaddbe4716ee3ac0d6d9ec2b70775e8
- SHA1
  
  0c9ccd709c25ae5033372311d71b0f76beefc1c5
- SHA256
  
  82456f5819daf6535699f3c1b6536ef5a9c0cedafd4aad1d0f00b92cf2709b34
- SHA512
  
  8e5c9c812aab1e95f2f7f870d086b401a3a5d6b83a902808c087bfb47787fd8c5730d6e2af4f6d2de172fc4eb23bba917aa2c99bb9b562d31c6a746c2642d1a5
- SSDEEP
  
  384:iub1YSTkJR5wjy4OPbsT3uGFob5q8LJQNLuNg:11xTkj5eyr+eLiJua
Score

4^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10