Overview

overview

10

Static

static

8

4694fd27bd...f3.xls

windows7-x64

10

4694fd27bd...f3.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4694fd27bdbf5b240daf20026ddd2d12a9ddaa3dd2b8b5a60d2fe48da16865f3

  • Size

    102KB

  • Sample

    221125-x5bg6ach7v

  • MD5

    740ddd0b5dfd217121428c94d1e7960f

  • SHA1

    5662dfeb414bacc6e47de591942a8a05f9ff20da

  • SHA256

    4694fd27bdbf5b240daf20026ddd2d12a9ddaa3dd2b8b5a60d2fe48da16865f3

  • SHA512

    8e2468bb5a1e78e20603cccd5eac3c960f13189e723310f52da6aa5cb2981459b03c5ca6e02f4f0b94fef618cc62acc02c0117451705739f76d81825d59c0f89

  • SSDEEP

    1536:sFFFpvkkj5pWVbrzlv7ITkR62lGM88wcJtXwRvM2M/MHUd+:SWVbrzh7ITk9tjDJtXwS5k0d+

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      4694fd27bdbf5b240daf20026ddd2d12a9ddaa3dd2b8b5a60d2fe48da16865f3

    • Size

      102KB

    • MD5

      740ddd0b5dfd217121428c94d1e7960f

    • SHA1

      5662dfeb414bacc6e47de591942a8a05f9ff20da

    • SHA256

      4694fd27bdbf5b240daf20026ddd2d12a9ddaa3dd2b8b5a60d2fe48da16865f3

    • SHA512

      8e2468bb5a1e78e20603cccd5eac3c960f13189e723310f52da6aa5cb2981459b03c5ca6e02f4f0b94fef618cc62acc02c0117451705739f76d81825d59c0f89

    • SSDEEP

      1536:sFFFpvkkj5pWVbrzlv7ITkR62lGM88wcJtXwRvM2M/MHUd+:SWVbrzh7ITk9tjDJtXwS5k0d+

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks