Overview

overview

10

Static

static

8

4f0a5d5aaa...07.xls

windows7-x64

10

4f0a5d5aaa...07.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f0a5d5aaa620860dcebc0341d6782ebcf39a68d65d88febb5bf48e29ed22f07

  • Size

    105KB

  • Sample

    221126-2bz1wadc6z

  • MD5

    1f60e295d5ea7925d7169c021222aceb

  • SHA1

    13f745e10a098ca80cc040c12ade5f5fb6ae20a3

  • SHA256

    4f0a5d5aaa620860dcebc0341d6782ebcf39a68d65d88febb5bf48e29ed22f07

  • SHA512

    622bbe0ccc93aff647a1fb2824c1094ab18c56c7faf958bcfe9eb091f2dcbbd337e2998f60e32787097ab2711a63f83c5828a642bd83b927c5838a331610d176

  • SSDEEP

    3072:Ix1gxv7yZmspH7+cclKiscI4ukoRWGN8Jp3yZ7ulWVbrzQ7ITkDZvn1VzUu1qJt5:c1gxv7yZmspH7+cclKiscI4ukoRWGN8y

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      4f0a5d5aaa620860dcebc0341d6782ebcf39a68d65d88febb5bf48e29ed22f07

    • Size

      105KB

    • MD5

      1f60e295d5ea7925d7169c021222aceb

    • SHA1

      13f745e10a098ca80cc040c12ade5f5fb6ae20a3

    • SHA256

      4f0a5d5aaa620860dcebc0341d6782ebcf39a68d65d88febb5bf48e29ed22f07

    • SHA512

      622bbe0ccc93aff647a1fb2824c1094ab18c56c7faf958bcfe9eb091f2dcbbd337e2998f60e32787097ab2711a63f83c5828a642bd83b927c5838a331610d176

    • SSDEEP

      3072:Ix1gxv7yZmspH7+cclKiscI4ukoRWGN8Jp3yZ7ulWVbrzQ7ITkDZvn1VzUu1qJt5:c1gxv7yZmspH7+cclKiscI4ukoRWGN8y

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks