Overview

overview

10

Static

static

8

4821cfcfaf...fd.xls

windows7-x64

10

4821cfcfaf...fd.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4821cfcfaf6e685f7e24df77910ddd0dfad19224d5e7bbe596cd860d943ffbfd

  • Size

    155KB

  • Sample

    221125-x5p1jsch9t

  • MD5

    254ee0cd963a1500de7f11d4155e9179

  • SHA1

    ff68e4f84e649e45728d89f19a09d128a795d320

  • SHA256

    4821cfcfaf6e685f7e24df77910ddd0dfad19224d5e7bbe596cd860d943ffbfd

  • SHA512

    c42a64427cd4a979c53919eec57c1750cbd8794187244ab7a3435d289b9e65a053d6810d5ec040eb260f902bb5c9a2a3e7b98d3778fe25c4bb4c85338c35bd6f

  • SSDEEP

    3072:GXrRuXDWVbrzQ7k5xTkcyYJtXw65kAPp6:Oo4fR

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      4821cfcfaf6e685f7e24df77910ddd0dfad19224d5e7bbe596cd860d943ffbfd

    • Size

      155KB

    • MD5

      254ee0cd963a1500de7f11d4155e9179

    • SHA1

      ff68e4f84e649e45728d89f19a09d128a795d320

    • SHA256

      4821cfcfaf6e685f7e24df77910ddd0dfad19224d5e7bbe596cd860d943ffbfd

    • SHA512

      c42a64427cd4a979c53919eec57c1750cbd8794187244ab7a3435d289b9e65a053d6810d5ec040eb260f902bb5c9a2a3e7b98d3778fe25c4bb4c85338c35bd6f

    • SSDEEP

      3072:GXrRuXDWVbrzQ7k5xTkcyYJtXw65kAPp6:Oo4fR

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks