Overview

overview

10

Static

static

8

e2f6d46cc6...63.xls

windows7-x64

10

e2f6d46cc6...63.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e2f6d46cc696c8b2aa486b0f11595e363e5bff6c4c3a3bfb46db59e4e5eb3e63

  • Size

    110KB

  • Sample

    221126-27hrgacb79

  • MD5

    74f1c1b2ce1431325481ba927422f761

  • SHA1

    767d211641b14e8ebbbe013473767967b387bc43

  • SHA256

    e2f6d46cc696c8b2aa486b0f11595e363e5bff6c4c3a3bfb46db59e4e5eb3e63

  • SHA512

    95eba633bf241ae0179e447f8062a46b74cb6f238f375c136dfe4df2e32f417038bd581005a9672efca07108df5f4294d27724767087af90bd1e1f28bdf5082b

  • SSDEEP

    3072:9/1gxv7yZmspH7+cclKisUI4ukoRWGNOWVbrz+N+7ITkP5mww33XjUJtXwbMgV:p1gxv7yZmspH7+cclKisUI4ukoRWGNUG

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      e2f6d46cc696c8b2aa486b0f11595e363e5bff6c4c3a3bfb46db59e4e5eb3e63

    • Size

      110KB

    • MD5

      74f1c1b2ce1431325481ba927422f761

    • SHA1

      767d211641b14e8ebbbe013473767967b387bc43

    • SHA256

      e2f6d46cc696c8b2aa486b0f11595e363e5bff6c4c3a3bfb46db59e4e5eb3e63

    • SHA512

      95eba633bf241ae0179e447f8062a46b74cb6f238f375c136dfe4df2e32f417038bd581005a9672efca07108df5f4294d27724767087af90bd1e1f28bdf5082b

    • SSDEEP

      3072:9/1gxv7yZmspH7+cclKisUI4ukoRWGNOWVbrz+N+7ITkP5mww33XjUJtXwbMgV:p1gxv7yZmspH7+cclKisUI4ukoRWGNUG

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks