Overview

overview

10

Static

static

8

6443eaa2c7...6c.xls

windows7-x64

10

6443eaa2c7...6c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6443eaa2c7ec9f03cb6545753effebf8b2b5e18be3b11f1b69332dac6573876c

  • Size

    163KB

  • Sample

    221126-dnn75sbh2s

  • MD5

    93266df4948c2d1c93c5b1b581d009b2

  • SHA1

    a7a9236d7427953d0faf61dbc49ee29c45c1f354

  • SHA256

    6443eaa2c7ec9f03cb6545753effebf8b2b5e18be3b11f1b69332dac6573876c

  • SHA512

    234d3fb9362f499f6d41b4d29d06e5918060403eb82da7bd3dbb4718341befd024bb0727da4a96e32f318dca9f6d5c09456ab82d7321febc6e0cf18e974c9a1a

  • SSDEEP

    3072:QauLUEbdhZIcaOYMGyDPJi+IzUkGHmwFgpPnLTNYNVLSArh3u+BQVGXBI6GNhKXl:fMGyDPJi+IzUkGHsos+B3

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      6443eaa2c7ec9f03cb6545753effebf8b2b5e18be3b11f1b69332dac6573876c

    • Size

      163KB

    • MD5

      93266df4948c2d1c93c5b1b581d009b2

    • SHA1

      a7a9236d7427953d0faf61dbc49ee29c45c1f354

    • SHA256

      6443eaa2c7ec9f03cb6545753effebf8b2b5e18be3b11f1b69332dac6573876c

    • SHA512

      234d3fb9362f499f6d41b4d29d06e5918060403eb82da7bd3dbb4718341befd024bb0727da4a96e32f318dca9f6d5c09456ab82d7321febc6e0cf18e974c9a1a

    • SSDEEP

      3072:QauLUEbdhZIcaOYMGyDPJi+IzUkGHmwFgpPnLTNYNVLSArh3u+BQVGXBI6GNhKXl:fMGyDPJi+IzUkGHsos+B3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks