ee30cd836329c2da9a0409babf00481912e8612435f215adc4e355bb3bc5c943 | Triage

Sharing

General

Target

ee30cd836329c2da9a0409babf00481912e8612435f215adc4e355bb3bc5c943
Size

174KB
Sample

221126-dntgvsbh2t
MD5

76641b1c40faf55d9786899f0974b706
SHA1

06835f635c2defe369c3134933e335e9e0db7812
SHA256

ee30cd836329c2da9a0409babf00481912e8612435f215adc4e355bb3bc5c943
SHA512

913e24d5ae02110c8fec954549971c896be092f79b0805432fe9f0605fe8ba34eb36a707dc28f5fa8649e8425effd0b92b090c542e46c138ec0b781845aa6381
SSDEEP

3072:wzAKfdGB3MPe7+bFMmYJ5UNDThAXe+OEjiMQu6qh2EPqcferXTkvLOmbzTdqIiwX:lKFGXasW9hAXe7EjRUaBPzOI0fi

Score

10^/10

macro xlm

Malware Config

Targets

- Target
  
  2013年上学生住宿信息公示/交通运输部住校生意向表.xls
- Size
  
  246KB
- MD5
  
  c591ed07be8898f0ab488c72ea660a97
- SHA1
  
  e57f6fab9a16e3646d428e47e21e4decf4dd9640
- SHA256
  
  77e581f9d9191f8951bd420cb8fafed722f3372ff2d8769e664b8426052ae34a
- SHA512
  
  fc9efce0ea4ca2b4c5e151b6be812b9bacafe0e894904a8187b6d45249a409b9af5e059d18d469b271bee7e7546be61d881ba631ce850dee5f069c2c0e7aa82c
- SSDEEP
  
  3072:16d9cOrhYxL6R4X29mBHb1AURKf7wWVbrE7ITk9SAJtXwY4NZ:16d9cOViHpbRKf7Ww
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2
- Target
  
  2013年上学生住宿信息公示/商务信息部住校生意向表.xls
- Size
  
  238KB
- MD5
  
  7c24257cb1f19d9fe394badacb3042c3
- SHA1
  
  99010bb14c652fd52ddb6741af088db8a235664f
- SHA256
  
  a9cd9a4b06a19b06652322bfffdced032c3f0a62febdb843710eeb1ac429e575
- SHA512
  
  c7fbd0ed516c8f1f491d49f660426d6e8d3ffee8ec28d176152db6a4fe68b796a7db0685de3a026756a8741083904113800c333207ec92835dd0f456f74daa34
- SSDEEP
  
  3072:DMTfveRF1qINGfr42jcc0lbxOKtAJtXw34:DMTfveRF1qYcV
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral3 behavioral4
- Target
  
  2013年上学生住宿信息公示/文化艺术部部住校生意向表.xls
- Size
  
  260KB
- MD5
  
  38d711ad89627fd7045b1e9f90254406
- SHA1
  
  cc1f3800840aa1f9498c1cefb8edf3f044cce171
- SHA256
  
  1bd0caf3cec1eeb412db45f0b242375118f7c3356e540334eeee89d70fc4d379
- SHA512
  
  cad23fd4390d3aa271d6c0432b765f157e93616d9423848e13bbfb4aa02add44ecf2b19e5dbda1b7199228d485da72fdf1fa49603ffa9c4f5d1671bf5c09a1e1
- SSDEEP
  
  3072:l90RCuHF9XzI4QHAawFg4KQX0Gy2jcc0lbxOK103L3FoJtXw8S:H08WHzTY1EgpQX0G3L3Y
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral5 behavioral6
- Target
  
  2013年上学生住宿信息公示/旅游服务部住校生意向表.xls
- Size
  
  183KB
- MD5
  
  d0b549524a1a0918a9152e690f3d59fb
- SHA1
  
  b63bfb3f7ebfe0b10d288b0254b862cb9afdda65
- SHA256
  
  d76b03ff5e685d40a5056cb70c46a3ac9313afbe40fe04c36fb27fdd0f86bc9b
- SHA512
  
  d855eb74ba06fdee12a479e8165cda508aae9f09612c2d7f0f6e75c7c33905f19d0d09c53dea5ae19713da9d8da7293705375bfa36b84b801f6ca519368cf31b
- SSDEEP
  
  3072:xdyug0R5BVhj2jcc0lbxOKIu8JtXwric:xdyu3R5BVhE4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8