Overview

overview

10

Static

static

8

a9cd9a4b06...75.xls

windows7-x64

10

a9cd9a4b06...75.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9cd9a4b06a19b06652322bfffdced032c3f0a62febdb843710eeb1ac429e575

  • Size

    238KB

  • Sample

    221126-dnmz3sbg9w

  • MD5

    7c24257cb1f19d9fe394badacb3042c3

  • SHA1

    99010bb14c652fd52ddb6741af088db8a235664f

  • SHA256

    a9cd9a4b06a19b06652322bfffdced032c3f0a62febdb843710eeb1ac429e575

  • SHA512

    c7fbd0ed516c8f1f491d49f660426d6e8d3ffee8ec28d176152db6a4fe68b796a7db0685de3a026756a8741083904113800c333207ec92835dd0f456f74daa34

  • SSDEEP

    3072:DMTfveRF1qINGfr42jcc0lbxOKtAJtXw34:DMTfveRF1qYcV

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a9cd9a4b06a19b06652322bfffdced032c3f0a62febdb843710eeb1ac429e575

    • Size

      238KB

    • MD5

      7c24257cb1f19d9fe394badacb3042c3

    • SHA1

      99010bb14c652fd52ddb6741af088db8a235664f

    • SHA256

      a9cd9a4b06a19b06652322bfffdced032c3f0a62febdb843710eeb1ac429e575

    • SHA512

      c7fbd0ed516c8f1f491d49f660426d6e8d3ffee8ec28d176152db6a4fe68b796a7db0685de3a026756a8741083904113800c333207ec92835dd0f456f74daa34

    • SSDEEP

      3072:DMTfveRF1qINGfr42jcc0lbxOKtAJtXw34:DMTfveRF1qYcV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks