General

  • Target

    0a77c980c1b6ad85ffb3f1e8e814f96e09d5033d82dce7ca2062b992372c85e6

  • Size

    363KB

  • Sample

    221125-x5sfnsch9x

  • MD5

    95cdca8d0f846a3a8ddd35cfd78b8f4e

  • SHA1

    3b6770589287956a87b1e7fee898dcee070db7a8

  • SHA256

    0a77c980c1b6ad85ffb3f1e8e814f96e09d5033d82dce7ca2062b992372c85e6

  • SHA512

    04c709ea4875aaa0f35bdde2028d2c6485a1eb2bde389b03b98258099ed1e74ac499cd3da8db767181f3d558f449b56ed2736cb6503dc428fc5926ece1cb4a36

  • SSDEEP

    6144:UosJVLW26+gTNeQRyeFLk32hOzbzJBrGPymmRPvwAAC0Ok1HeavM9cT2iNCXGAKs:UosnLWprRvFA2hO/9BiPyxRPvwAAC0Op

Score
10/10

Malware Config

Targets

    • Target

      答辩16日第10组.xls

    • Size

      102KB

    • MD5

      740ddd0b5dfd217121428c94d1e7960f

    • SHA1

      5662dfeb414bacc6e47de591942a8a05f9ff20da

    • SHA256

      4694fd27bdbf5b240daf20026ddd2d12a9ddaa3dd2b8b5a60d2fe48da16865f3

    • SHA512

      8e2468bb5a1e78e20603cccd5eac3c960f13189e723310f52da6aa5cb2981459b03c5ca6e02f4f0b94fef618cc62acc02c0117451705739f76d81825d59c0f89

    • SSDEEP

      1536:sFFFpvkkj5pWVbrzlv7ITkR62lGM88wcJtXwRvM2M/MHUd+:SWVbrzh7ITk9tjDJtXwS5k0d+

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第1组.xls

    • Size

      89KB

    • MD5

      e04396a6847dec1feed61fe3f75236d2

    • SHA1

      ce29f6f112a69cf833af95d9ad5bb2828a073a8e

    • SHA256

      b7bcd8b1615a74d01081f68a3ce030e71515f741fd824bbe579e822bde146c6e

    • SHA512

      73a2a31b7dd80353d2606998ec4071a65ae3a149f22a7e0f313580526846abfd004795742817d09c2772a4a4b48e0753f54ce43f08d2873c53c21f159538851e

    • SSDEEP

      1536:nzzzXhxslLTWVbrzQ7ISBnkR62lGM88ScJiXwc/dF:iWVbrzQ7I0k9tjhJiXwGdF

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第2组.xls

    • Size

      92KB

    • MD5

      d5b5f9a2bbcd1dace2067604967cecf9

    • SHA1

      6dd5d8d7eb265aeba616ba0cf68f5e68cc408451

    • SHA256

      a9bf187a58a7182f5b9b061e6df7cb4b1d08d97bc79184534cbcbd18c98429e8

    • SHA512

      175ec07fb1d5ff3edea343501c9a7abf8e875d262f3ae6aacfb32368a51dc74a9def3f391f727bd19eff88b0ad4879f09ca1fffc3512d786b7c1e77a5cba47a0

    • SSDEEP

      1536:izzzXha7HJzAWDbrzQ7ITkbIOLA23IM88S/JtXwgodJ:YWDbrzQ7ITkEERj2JtXwddJ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第3组.xls

    • Size

      101KB

    • MD5

      a5e3491502361d5b7b742d962149e421

    • SHA1

      89910d498602555ea868761799144ef81d2c6579

    • SHA256

      07c0028a034ce65872090bab7c9bf48d0f468665eef1ad494a4cd734220d7212

    • SHA512

      6f9462733ab45ce9986e293db3192000bffd9b204733a988701a3bfa25bdc7def3e0f71aca69cebf4b4a2992f6d464ed79ac01a7760957bd989f9ccb008ee1f5

    • SSDEEP

      1536:1iiiG42R3ulqi9WVbrzQ7lSWTkR62lGM88DcJtXwRsM2M/MZyd6S:lEWVbrzQ7BTk9tjYJtXwJ5ksd/

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第4组.xls

    • Size

      102KB

    • MD5

      bcd93d5d501b3d310bda5e16146e56a3

    • SHA1

      c5eb8d988c32ea4c86c7ac02f3ed1c6d73fc61bd

    • SHA256

      9c61948c892b5365ef02363b309f10da5916748e4da27acfb9386e02974d9899

    • SHA512

      bae554b45049fc599a1383705641c6821a5e857b33cffbe12895a65e2e5a224e4b56a81dc93ddc6defbfffe34d22bd15dfb9da7749cf54ef55250a5638a7a045

    • SSDEEP

      1536:8tttB3DgcYuWYWWVbrzlf7ITkR62lGM88wcJtXwRpM2M/MJkd8G:hWVbrzV7ITk9tjDJtXwk5k6dN

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第5组.xls

    • Size

      91KB

    • MD5

      b058cb31647157b7580b0c437ecac2ef

    • SHA1

      a4abd2d31aadf839a19cb2ab8a79d98991bee167

    • SHA256

      6dd3bb33c666e7c81be63e218f26c88f77eee70a65524ff37c148c4da3573362

    • SHA512

      d5f017d960e71d453fe55255d72eb5d031b945e7eafabd0d6c75179059f6f7c17020fcebfca2ada982ee761b04824061526468fba37ea5361aaeb5ae41e4aaa3

    • SSDEEP

      1536:yiiiG4ebPv9WVHrzQ7ITkcKo62lGM88SdJtXw9x2dqRE:GWVHrzQ7ITkqtjIJtXw72dqRE

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第6组.xls

    • Size

      91KB

    • MD5

      7ddca9abc349d44f1c7b1c15936cef81

    • SHA1

      fcae9e73cb428d380f19d61d72503d2809d707c2

    • SHA256

      839ea835bb76f39f715466a4202ca744296cefea697f759bf1fc187474ac5901

    • SHA512

      c95df966bf69a20a0500e79ad05f2dc238befa0fb85cb1a0a3fe3ff6d511eddb7a06a8fe80de92167998a10e7c529809fa361151b31306eea636cecf7d614011

    • SSDEEP

      1536:1888wOJytNnoWVbr3Q7ITkMXr62lGM88S4JtXwnjdd:JoWVbr3Q7ITk8tjNJtXwjdd

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第7组.xls

    • Size

      101KB

    • MD5

      2f424af4c436a6d478c427dbe7ac300a

    • SHA1

      dad41d786c8efbb59f53142b6575c7d0e9ba9dc5

    • SHA256

      9f6ecd64321955bc1fa80218a8edf38e80795b1718f2dcd6a04096dcca3c2ab9

    • SHA512

      f33002fa59bf675629181e43a99680d8b9d92b628352332236d0e3cbe4ddd981a2da887e1889683de582fd77c1bc23957a58927b747aa6760bfe9c51a91cb5e2

    • SSDEEP

      1536:G777PJtT1V3WVbrzQ7lSzTkR62lGM88DcJtXwRtM2M/MW1adQ:gWVbrzQ7UTk9tjYJtXwQ5ksadQ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第8组.xls

    • Size

      102KB

    • MD5

      93783f383be84ba8c73478fc0cc425c5

    • SHA1

      0a14ba971d5d3d2db445f7c29b1660b8f70bcd1f

    • SHA256

      566b22ef9e58ca6066a8d54895f2aad05caf3522f1d31320360118313a45b3d6

    • SHA512

      ddf14ed1b7d1b88feb8ad82e939e03897ca787a56cc4fc11a77763eaa7e48fc58e09b6f0aee570f4985782c442244ad508b632977d5ebef6f9ed0d09cf20c7d1

    • SSDEEP

      1536:XWWWSkv4ct4N54WVbrzlS7ITkR62lGM88wcJtXwRHM2M/MCUdL:6WVbrz47ITk9tjDJtXwC5kPdL

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      答辩16日第9组.xls

    • Size

      102KB

    • MD5

      2269705b0b0087eeeaa0e898ca3d6a58

    • SHA1

      e78bab8a55d6e9859455572f55061729f25ff9f1

    • SHA256

      418cbd99460c6c24ddd1aa7072e2a2a1d3c4a5546aa75d0e11b034015488b041

    • SHA512

      9ebd0a1820f06d5bccd3088a451c42f30d0edf17246ff3c7deb8d42c047e972d528310a8755fb965546700995f40754ef82c034f9d23370722250de0a35354ac

    • SSDEEP

      1536:LQQQca5QyDHBWVbrzlp7ITkR62lGM88wcJtXwRlM2M/M/EbdF:+WVbrz/7ITk9tjDJtXw45kYdF

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Hidden Files and Directories (T1158): 10

Defense Evasion

  • Modify Registry (T1112): 10

  • Hidden Files and Directories (T1158): 10

Discovery

  • Query Registry (T1012): 20

  • System Information Discovery (T1082): 20

Tasks