General

  • Target

    ed1d12ac93595bb0bdd93791112b174f9882c88dbadc7d06b1081ec055fec868

  • Size

    43KB

  • Sample

    221126-dnyftabh2z

  • MD5

    315dccdf4b4d89c28a2ebdf9439b75ad

  • SHA1

    2d373ec1e8aff1a1a4c14cee4b213e43f000a569

  • SHA256

    ed1d12ac93595bb0bdd93791112b174f9882c88dbadc7d06b1081ec055fec868

  • SHA512

    c3e7e83b49d5ad01f62815bce2a0eb2e5878c68f26d5172ac305d956140608412c78e7c549907a35efae80b1f3ccf45eede1385161233b9527d902db6039bf15

  • SSDEEP

    768:vPpstrAIfSc78LGgk5eh25gjFZX/9fohUatwuC2Y/CUPIf8HY50:3pstUIfS3LGAh25gjFt/IauCP/ON+

Score
10/10

Malware Config

Targets

    • Target

      2014年广西政法干警招录培养体制改革试点工作招录培养计划表.xls

    • Size

      163KB

    • MD5

      93266df4948c2d1c93c5b1b581d009b2

    • SHA1

      a7a9236d7427953d0faf61dbc49ee29c45c1f354

    • SHA256

      6443eaa2c7ec9f03cb6545753effebf8b2b5e18be3b11f1b69332dac6573876c

    • SHA512

      234d3fb9362f499f6d41b4d29d06e5918060403eb82da7bd3dbb4718341befd024bb0727da4a96e32f318dca9f6d5c09456ab82d7321febc6e0cf18e974c9a1a

    • SSDEEP

      3072:QauLUEbdhZIcaOYMGyDPJi+IzUkGHmwFgpPnLTNYNVLSArh3u+BQVGXBI6GNhKXl:fMGyDPJi+IzUkGHsos+B3

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Hidden Files and Directories (T1158): 1

Defense Evasion

  • Modify Registry (T1112): 1
  • Hidden Files and Directories (T1158): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 1

Tasks