Overview

overview

10

Static

static

8

c74131d1c4...b3.xls

windows7-x64

10

c74131d1c4...b3.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c74131d1c4756638c90443071a9b5feacaf574bcccef52771cdc34b0228d03b3

  • Size

    197KB

  • Sample

    221126-dnskkage87

  • MD5

    f6b78f6678531ba218d087df844c7f2a

  • SHA1

    d0fc1ae76f794175c4e1e3c10d96ff638e0fb9e7

  • SHA256

    c74131d1c4756638c90443071a9b5feacaf574bcccef52771cdc34b0228d03b3

  • SHA512

    5b743752e03e4cedd31760c997046cad97ed5e2a8c3f8b61ddce5a7c056aa776370c833fdab646689e3b9461eb5558abd4ac5ac82bfb289776b958a5d04ebcd6

  • SSDEEP

    3072:QQ6o/lbBt0HOho7iaHZbj0ZAZI03b4MJnClmn62jcc0lbxOrIIEJtXwKH:VOJQKy

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c74131d1c4756638c90443071a9b5feacaf574bcccef52771cdc34b0228d03b3

    • Size

      197KB

    • MD5

      f6b78f6678531ba218d087df844c7f2a

    • SHA1

      d0fc1ae76f794175c4e1e3c10d96ff638e0fb9e7

    • SHA256

      c74131d1c4756638c90443071a9b5feacaf574bcccef52771cdc34b0228d03b3

    • SHA512

      5b743752e03e4cedd31760c997046cad97ed5e2a8c3f8b61ddce5a7c056aa776370c833fdab646689e3b9461eb5558abd4ac5ac82bfb289776b958a5d04ebcd6

    • SSDEEP

      3072:QQ6o/lbBt0HOho7iaHZbj0ZAZI03b4MJnClmn62jcc0lbxOrIIEJtXwKH:VOJQKy

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks