Overview

overview

10

Static

static

8

3b65f45b8e...a6.xls

windows7-x64

10

3b65f45b8e...a6.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b65f45b8ef1ae7e290bd79f6b4be830b8dcd3dd53ce4b2f3086c356170710a6

  • Size

    88KB

  • Sample

    221125-xs4m6sbh7v

  • MD5

    a3ca7b671b6451cdcafd8f47a4e88e75

  • SHA1

    a508ac5d96b1526c37a808f886c06dfe068fe5e9

  • SHA256

    3b65f45b8ef1ae7e290bd79f6b4be830b8dcd3dd53ce4b2f3086c356170710a6

  • SHA512

    85c144a33fdefe5e3b38d4a6b163a844b44605ee3ad60d664d31dcafbe622e35f55095e8b4929cce6e50ff5a7f18ff8064b1dccddd12c493cead5fa51c1f1fe9

  • SSDEEP

    1536:i222y9MfecOg2jcc0lbxOvTgZsLcY7nJdFoOGIayWU2XKgb/:qg2jcc0lbxOr/p8baq/

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      3b65f45b8ef1ae7e290bd79f6b4be830b8dcd3dd53ce4b2f3086c356170710a6

    • Size

      88KB

    • MD5

      a3ca7b671b6451cdcafd8f47a4e88e75

    • SHA1

      a508ac5d96b1526c37a808f886c06dfe068fe5e9

    • SHA256

      3b65f45b8ef1ae7e290bd79f6b4be830b8dcd3dd53ce4b2f3086c356170710a6

    • SHA512

      85c144a33fdefe5e3b38d4a6b163a844b44605ee3ad60d664d31dcafbe622e35f55095e8b4929cce6e50ff5a7f18ff8064b1dccddd12c493cead5fa51c1f1fe9

    • SSDEEP

      1536:i222y9MfecOg2jcc0lbxOvTgZsLcY7nJdFoOGIayWU2XKgb/:qg2jcc0lbxOr/p8baq/

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks