General

  • Target: a36a189ee6c1ae3518a71f7560b3046facc30942f907f9244cf1b18573bbe862
  • Size: 125KB
  • Sample: 221125-x4r4hshh24
  • MD5: 0fcf63d7ee81183e7908fc7b2ef6c22e
  • SHA1: 80439fa3edea183742f9aa2f2367e5cccc8b184f
  • SHA256: a36a189ee6c1ae3518a71f7560b3046facc30942f907f9244cf1b18573bbe862
  • SHA512: 3da72741f4b19cae9de384e585ee5dd231b6e1832cba09b563fb1f2e6052ffa695d2b757d9319927e21226f093b8c73b749b8dd6b2fa68be3b87a5019961d6c3
  • SSDEEP: 3072:tLyDtw+rKPuhtQZ2Rs9DubyPzoANCX3Obj+/arqMxaQua4:t+hw+ZhtQARs1UELNAe3Iazua4

Score: 10/10

Malware Config

Targets

    • Target: 2014维修一车间三组修旧利废核算表.xls
    • Size: 100KB
    • MD5: eeef638de5651e59c5dc24836f37306c
    • SHA1: be14cdd2fde6dd1165204a81f19b20783e2a4db7
    • SHA256: 8ab516628cdac8d4a61e48303cc71933e8e2ce18eb0b79eaf63054076c636d76
    • SHA512: 9b9d9ddad6d987787b35fd481bef6ea477fa8b80691fecb180b0bf9bd345b3cfcde9bba21f1487a0aeabaa3bb12084d963e45c0a7f2a2392105bc29ec6be1a90
    • SSDEEP: 1536:go777VmRqV+4w75Z5sKJQHnwZ95J6eoJLWVbrzJxE6HD7ITkR62lIM88STJtXwRe:V5zWVbrzJ6KD7ITk9njiJtXwL5kacsG

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Deletes itself

    • Target: 维修一三组10月月报.xls
    • Size: 110KB
    • MD5: 21c6b1559df852e77e8d201c0a9130e8
    • SHA1: bfbaa28263b6029b3964e34c8e7544de346a9981
    • SHA256: 297f3ee2b8bc14163e5d7971350adb587a847610acc38cc88160d3679181a5a0
    • SHA512: 42db083f1d52bbdb44fcc1cbb84b0a3d6cc4a95b88d2c6f2a289b07a5f4f9a1586d16c7b3ce01fe9aa205435fe962770c159eed2074e8eac517b460ea6bd5098
    • SSDEEP: 1536:lOOOzcQvs1J8e8tSPQbkVpHj/0+Z95Qpy2eLTx81v6WVbrzQgiUCnyITkR62lLQ5:69y2UWVbrzQgDITk9qjhJtXwL5kbg4T

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Deletes itself

    • Target: 维修一三组10月运转设备报表.xls
    • Size: 119KB
    • MD5: bc975b54fc42712a23b86c4f9cb072a3
    • SHA1: d19a838a3569ed2831248c2045b6d6f3b340442b
    • SHA256: e6a7b74210342e244a5a0d692e49d205fded4f2d75357785ad971a31767923d0
    • SHA512: 4729ac1dac2a3547ed664fc5fa27dc3880f20285fcfae8a6fde6594c6302cabc119a869538bc1db904cc11c80085151af742ed6e0640a6d2241a32009bbffc47
    • SSDEEP: 1536:UG666clXwWXbAI7cvwQq/B5ZJChyRfMZ95e+ejRBSWVbrzNKQsz7ITkR62lD5EeU:lx+NWVbrzcz7ITk9fEdJtXwY5kHGNv5

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
    T1158 Hidden Files and Directories (3)
  • Defense Evasion
    T1112 Modify Registry (3)
    T1158 Hidden Files and Directories (3)
  • Discovery
    T1012 Query Registry (5)
    T1082 System Information Discovery (5)
