Overview

overview

10

Static

static

8

f3c4ff5ee8...0f.xls

windows7-x64

10

f3c4ff5ee8...0f.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f3c4ff5ee8123f74d233f068a7186c8a22bcd1cdbe6475654345fc76870bd20f

  • Size

    60KB

  • Sample

    221126-dn3qjagf26

  • MD5

    fea69535764564efcb07963a420dcb4b

  • SHA1

    eb7762cc19a586e06594aed9804c1af7106d7ecd

  • SHA256

    f3c4ff5ee8123f74d233f068a7186c8a22bcd1cdbe6475654345fc76870bd20f

  • SHA512

    8c2e8f23b17e736ef0553c2590a0954a8fdfde461be107b6d0bf4d33ed72e8c1413d2ad26db320613574142779a8f8a2be24c3231db0974291c3638fb8d3ecaf

  • SSDEEP

    1536:sIIIGxPTr6FaSkLu6pAJqNuYKl6Nc7yRzs1H75wkZUiEfClsQ6NqTBun5oAKG6EI:KKl6Nc7yRzs1H75wkZUgsQ6NqTBun5oE

Score
10/10
macromacro_on_actionxlm

Malware Config

Targets

    • Target

      f3c4ff5ee8123f74d233f068a7186c8a22bcd1cdbe6475654345fc76870bd20f

    • Size

      60KB

    • MD5

      fea69535764564efcb07963a420dcb4b

    • SHA1

      eb7762cc19a586e06594aed9804c1af7106d7ecd

    • SHA256

      f3c4ff5ee8123f74d233f068a7186c8a22bcd1cdbe6475654345fc76870bd20f

    • SHA512

      8c2e8f23b17e736ef0553c2590a0954a8fdfde461be107b6d0bf4d33ed72e8c1413d2ad26db320613574142779a8f8a2be24c3231db0974291c3638fb8d3ecaf

    • SSDEEP

      1536:sIIIGxPTr6FaSkLu6pAJqNuYKl6Nc7yRzs1H75wkZUiEfClsQ6NqTBun5oAKG6EI:KKl6Nc7yRzs1H75wkZUgsQ6NqTBun5oE

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks