Overview

overview

10

Static

static

8

77e581f9d9...4a.xls

windows7-x64

10

77e581f9d9...4a.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77e581f9d9191f8951bd420cb8fafed722f3372ff2d8769e664b8426052ae34a

  • Size

    246KB

  • Sample

    221126-dnl3sabg9v

  • MD5

    c591ed07be8898f0ab488c72ea660a97

  • SHA1

    e57f6fab9a16e3646d428e47e21e4decf4dd9640

  • SHA256

    77e581f9d9191f8951bd420cb8fafed722f3372ff2d8769e664b8426052ae34a

  • SHA512

    fc9efce0ea4ca2b4c5e151b6be812b9bacafe0e894904a8187b6d45249a409b9af5e059d18d469b271bee7e7546be61d881ba631ce850dee5f069c2c0e7aa82c

  • SSDEEP

    3072:16d9cOrhYxL6R4X29mBHb1AURKf7wWVbrE7ITk9SAJtXwY4NZ:16d9cOViHpbRKf7Ww

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      77e581f9d9191f8951bd420cb8fafed722f3372ff2d8769e664b8426052ae34a

    • Size

      246KB

    • MD5

      c591ed07be8898f0ab488c72ea660a97

    • SHA1

      e57f6fab9a16e3646d428e47e21e4decf4dd9640

    • SHA256

      77e581f9d9191f8951bd420cb8fafed722f3372ff2d8769e664b8426052ae34a

    • SHA512

      fc9efce0ea4ca2b4c5e151b6be812b9bacafe0e894904a8187b6d45249a409b9af5e059d18d469b271bee7e7546be61d881ba631ce850dee5f069c2c0e7aa82c

    • SSDEEP

      3072:16d9cOrhYxL6R4X29mBHb1AURKf7wWVbrE7ITk9SAJtXwY4NZ:16d9cOViHpbRKf7Ww

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks