General

  • Target

    d737d75014ab76dcb324d2d090200e0609fc5b056a66a170f86c3b7eeb327f6c

  • Size

    157KB

  • Sample

    221126-dnzzmsge99

  • MD5

    bf31791bda2defb1a6febaf722e71c9a

  • SHA1

    533f36deb67410312d5ea60b7798053946b05edb

  • SHA256

    d737d75014ab76dcb324d2d090200e0609fc5b056a66a170f86c3b7eeb327f6c

  • SHA512

    b113f0c778fa663d8ebf630f073be1394061cc0d00f7f31049de7c9ecad6f1026c0bfa9141d67030156b9f2bee1cd01ca37f146fbd298c19e8a8ffbf68f3e857

  • SSDEEP

    3072:GmZY8ZkqIGnQKkW6yAaVpB+5ipfERJ+3T1e7dv9JWAeJeyA7BjE2Ca9MWLOqe:GQnZkqHTkW6yhVp66fEyD1Wv9AwxEjAw
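
SSDEEP values are listed for the archive and for every member file, and because they are the same fuzzy-hash type they can be compared with each other. The script below is an added example, not part of the sandbox report: it re-implements the ssdeep (spamsum) comparison in simplified form and clusters the report's own values. The labels in SAMPLES are this example's shorthand for seven of the listed files, the comparison follows the shape of the published algorithm (block-size compatibility, run squashing, 7-character common-substring gate, weighted edit distance, 0-100 score) but has not been validated bit-for-bit against libfuzzy, so use the real ssdeep tool when a score will be acted on.

```python
"""Group the report's SSDEEP values by similarity using a minimal re-implementation
of the ssdeep (spamsum) comparison.  Added example, not part of the sandbox report.
It follows the published algorithm's shape (block-size compatibility, run squashing,
7-gram gate, weighted edit distance, 0-100 score) but is not validated bit-for-bit
against libfuzzy; use the real ssdeep tool for authoritative scores."""
from itertools import combinations

ROLLING_WINDOW = 7     # two chunks must share a substring this long to score at all
SPAMSUM_LENGTH = 64    # nominal maximum chunk length, used to normalise the distance
MIN_BLOCKSIZE = 3

# SSDEEP values copied from the report.  The labels are this example's shorthand,
# not the report's; "archive", "pit-support" and "parking" are the 10/10-scored files.
SAMPLES = {
    "archive":           "3072:GmZY8ZkqIGnQKkW6yAaVpB+5ipfERJ+3T1e7dv9JWAeJeyA7BjE2Ca9MWLOqe:GQnZkqHTkW6yhVp66fEyD1Wv9AwxEjAw",
    "pit-support":       "1536:NpbrbuT5D8JJJ2ARaTraw83iU2jcc0lbxOvTgZ80I/cJtXwPvS:uAN2jcc0lbxOrwIEJtXwnS",
    "parking":           "3072:QQ6o/lbBt0HOho7iaHZbj0ZAZI03b4MJnClmn62jcc0lbxOrIIEJtXwKH:VOJQKy",
    "parking-install":   "1536:HP/Aw6YRrFqUUJJJJJJJJzOf8yL+MpC/K6OHctfuvaTQkXPbv/t:JP6OHctfuvaxTV",
    "parking-fire":      "1536:fTJP/Aw6YRFu94ivSlTXXJJJJJJJJP8WpXkzn5MdWHRnfu30TiU/59Vo7S1t:UvhidWHRnfukTiU/51",
    "parking-lightning": "768:RMJJJJJJJJJJFP/Aw6YRQDStsumcE3WeljP5XDQmchNfmAYTqoo4Jjt+4n:RMJJJJJJJJJJFP/Aw6YRKJSejQ7eVHn",
    "building":          "3072:WgWgGXoWoC0x/cFizQK4WHiaRKcS29B6Yb07NRaH0hO7oFbsEYX:MUdp9BqQr",
}

def parse(sig):
    """Split 'blocksize:chunk1:chunk2' into (int, str, str)."""
    block_size, first, second = sig.split(":", 2)
    return int(block_size), first, second

def squash_runs(s):
    """ssdeep's eliminate_sequences: a run of more than three equal chars is cut to three."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)

def has_common_substring(a, b):
    """The gate: the two chunks must share some substring of ROLLING_WINDOW chars."""
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams for i in range(len(b) - ROLLING_WINDOW + 1))

def edit_distance(a, b):
    """Levenshtein distance with insert/delete cost 1 and substitution cost 2, as ssdeep weights it."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]

def score_chunks(a, b, block_size):
    """0-100 similarity of two chunk strings produced at the same block size."""
    a, b = squash_runs(a), squash_runs(b)
    if not has_common_substring(a, b):
        return 0
    score = edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 - score * 100 // SPAMSUM_LENGTH
    # Short chunks at small block sizes cannot justify a high score.
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))

def compare(sig1, sig2):
    """ssdeep-style match score; 0 when block sizes differ by more than a factor of two."""
    bs1, a1, a2 = parse(sig1)
    bs2, b1, b2 = parse(sig2)
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        return max(score_chunks(a1, b1, bs1), score_chunks(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return score_chunks(a1, b2, bs1)   # sig1's coarse chunk vs sig2's fine chunk
    if bs2 == bs1 * 2:
        return score_chunks(a2, b1, bs2)
    return 0

def cluster(samples, threshold=1):
    """Single-linkage grouping: any pair scoring >= threshold ends up in one group."""
    parent = {name: name for name in samples}
    def root(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for x, y in combinations(samples, 2):
        if compare(samples[x], samples[y]) >= threshold:
            parent[root(x)] = root(y)
    groups = {}
    for name in samples:
        groups.setdefault(root(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(group)
```

Run as a script it prints the groups. The two 10/10 member workbooks link to each other through the shared "2jcc0lbxOr" fragment, the three 1/10 discipline sheets link through the shared "P/Aw6YR" fragment (a common template, most likely), and the archive and the 1/10 building workbook stand alone. A fuzzy-hash cluster is a pivot for hunting related documents, not a verdict; the sandbox behaviour, not the hash, is what scored these files 10/10.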

Score
10/10

Malware Config

Targets

    • Target

      清单表/中国工商银行股份有限公司阳江分行营业综合用房及地下停车场基坑支护工程/中国工商银行股份有限公司阳江分行营业综合用房及地下停车场基坑支护工程.xls
      (English: Bill of Quantities / Industrial and Commercial Bank of China Co., Ltd. Yangjiang Branch business complex building and underground car park, foundation pit support works / [same name].xls)

    • Size

      133KB

    • MD5

      5dc23c1bb522f648a3378927810144f9

    • SHA1

      63bc0c9254d171c58112b1ddc68ada977adc4492

    • SHA256

      43d4bb7a5498ca535c4ae3daedf83858812b87bae3ad8e63fd616170f53fda4c

    • SHA512

      5d7e7d733799d3df9bb142ae490d9a2be73eb332293ec7dbbd405b7b5d105a3cd8095e1c290aea83ca5557895339a28b51b4177dd6ea05d811b22ce8812ab42f

    • SSDEEP

      1536:NpbrbuT5D8JJJ2ARaTraw83iU2jcc0lbxOvTgZ80I/cJtXwPvS:uAN2jcc0lbxOrwIEJtXwnS

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      清单表/工行阳江分行地下停车场 安装工程/工行阳江分行地下停车场 安装工程.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch underground car park, installation works / [same name].xls)

    • Size

      69KB

    • MD5

      6007431b2b27e83999a7fde41df3d6ca

    • SHA1

      09b77623ddcbf62738a655c4e66ca3fb9cbb61fa

    • SHA256

      1427cca5fcd40856bd4b454be8b99a98adfba8687c6cce2129479b6fafc54d51

    • SHA512

      0acc13c7d64981fe249f62bbd31f45820d792adf76ad36a9c78d4ea894edb99ea9d05850fff6e68e0f8ca60cd518ca06fe8b6e1686beba522feb5ae4142febf9

    • SSDEEP

      1536:HP/Aw6YRrFqUUJJJJJJJJzOf8yL+MpC/K6OHctfuvaTQkXPbv/t:JP6OHctfuvaxTV

    Score
    1/10
    • Target

      清单表/工行阳江分行地下停车场 消防工程/工行阳江分行地下停车场 消防工程.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch underground car park, fire protection works / [same name].xls)

    • Size

      83KB

    • MD5

      ea7cae63430b6efdb067a79c27b3497d

    • SHA1

      d3bedd9e70699663e1e4326f6e7f195d63e297f9

    • SHA256

      f37cb24cb46b9dd318d51730cf04e5b77a36de31f1f164d4a1fc3d9d3b6f333e

    • SHA512

      e4d9b54c6350c1abf32237ebd012f9ff63918a4509b1677d031de300acf2575a6c0268402a1b0e30c06931e3945d2bc006f6bcf7ef4579ecf030f76595af84d6

    • SSDEEP

      1536:fTJP/Aw6YRFu94ivSlTXXJJJJJJJJP8WpXkzn5MdWHRnfu30TiU/59Vo7S1t:UvhidWHRnfukTiU/51

    Score
    1/10
    • Target

      清单表/工行阳江分行地下停车场 防雷工程/工行阳江分行地下停车场 防雷工程.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch underground car park, lightning protection works / [same name].xls)

    • Size

      53KB

    • MD5

      3f0835b9b007404cf26d42e0863b5edc

    • SHA1

      281c1dcb0c0dab20f6af9a3ff55e90f6869eda75

    • SHA256

      992c7b90a47d7f816c86f328b26eb1dfaaeaae22e618b74e080a27607b62661c

    • SHA512

      48ac248a61414441f61e74f96202252b5cde8049173e085aa43b182a74ff86607383c59e3f69a5090ac3ac1074225466ca6d92855259584361d4e8155ecc434b

    • SSDEEP

      768:RMJJJJJJJJJJFP/Aw6YRQDStsumcE3WeljP5XDQmchNfmAYTqoo4Jjt+4n:RMJJJJJJJJJJFP/Aw6YRKJSejQ7eVHn

    Score
    1/10
    • Target

      清单表/工行阳江分行地下停车场/工行阳江分行地下停车场.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch underground car park / [same name].xls)

    • Size

      197KB

    • MD5

      f6b78f6678531ba218d087df844c7f2a

    • SHA1

      d0fc1ae76f794175c4e1e3c10d96ff638e0fb9e7

    • SHA256

      c74131d1c4756638c90443071a9b5feacaf574bcccef52771cdc34b0228d03b3

    • SHA512

      5b743752e03e4cedd31760c997046cad97ed5e2a8c3f8b61ddce5a7c056aa776370c833fdab646689e3b9461eb5558abd4ac5ac82bfb289776b958a5d04ebcd6

    • SSDEEP

      3072:QQ6o/lbBt0HOho7iaHZbj0ZAZI03b4MJnClmn62jcc0lbxOrIIEJtXwKH:VOJQKy

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      清单表/工行阳江分行营业综合用房 (地上部分) 安装工程/工行阳江分行营业综合用房 (地上部分) 安装工程.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch business complex building (above-ground part), installation works / [same name].xls)

    • Size

      98KB

    • MD5

      1c53946c76057bf5c4eeb1e3f019730a

    • SHA1

      65586b4b8c63b7d8a48958cf53eb05aca04ca213

    • SHA256

      83c18a70c0a273f60bea15f8fc6c8527fc9c3d240d1cd66b9fdc6f63780244f9

    • SHA512

      c796f0bdd0293832eec4b7baa6477432d139eb6bf2a2c5e93160cd0257cabe36004ffb32ca3b69e3ee060e2850d5d4e0199f3500173681c70d651e91d63a0bf1

    • SSDEEP

      1536:6P/Aw6YRpubT94SlWXXJJJJJJJJc8UpOf2RhpKyKJHnWfujnHNIrvxlVmcPtt:62gyKJHnWfujnHNI7xlv

    Score
    1/10
    • Target

      清单表/工行阳江分行营业综合用房 (地上部分) 消防工程/工行阳江分行营业综合用房 (地上部分) 消防工程.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch business complex building (above-ground part), fire protection works / [same name].xls)

    • Size

      74KB

    • MD5

      91ed9e2a0ac7f30f9be794fa101013be

    • SHA1

      0f11fed8df96bb5550c7c2d1648f0f7ea72c9c5e

    • SHA256

      39f3e967dc222624b68f86bad078d04ddce54b5e82a5790385f087a23def2c54

    • SHA512

      a7dc73166ff8ebe16bd5ca30359d474dd6a8fea671844358d088f76e9d234f4382eae52fc1360404868a0cfd1e0a005a3490c9c0a9c60100a7c3ecd5727f90cb

    • SSDEEP

      1536:UQP/Aw6YRnFp9v7UUJJJJJJJJTfeyDLbZyKy+9k3exYrWISEgPjI7Zu98t:hv7y+9k3exYrWISEgPO

    Score
    1/10
    • Target

      清单表/工行阳江分行营业综合用房 (地上部分) 防雷工程/工行阳江分行营业综合用房 (地上部分) 防雷工程.xls
      (English: Bill of Quantities / ICBC Yangjiang Branch business complex building (above-ground part), lightning protection works / [same name].xls)

    • Size

      53KB

    • MD5

      35bd4eb2f94ebc293e55ba6224390511

    • SHA1

      447bec0b0bc1ca5efa32fd964313246f02e9465d

    • SHA256

      100251a6fe3c7c909c84aa40b977d434d76b21cb1eac8623db88b2b2b559101d

    • SHA512

      11939d53deab061d2ac4b6f00d94851642f7e6fbfdbab85b92c1f14c19088888a1caf60d2a6a08f7c68347f8ea58cdee0f6b6c97fd9a05df7c30ca4a3b4acfa6

    • SSDEEP

      1536:uRbJJJJJJJJJJ8P/Aw6YRkaTkejlENIAWn:+m

    Score
    1/10
    • Target

      清单表/工行阳江分行营业综合用房 (地上部分)/工行阳江分行营业综合用房 (地上部分).xls
      (English: Bill of Quantities / ICBC Yangjiang Branch business complex building (above-ground part) / [same name].xls)

    • Size

      127KB

    • MD5

      464ec56ced84d9bb115e1cd03edf2cd5

    • SHA1

      c81c1865b84303d2fa50d479e4d17bd5f46c03fd

    • SHA256

      07902827b77edb1ce3925a19b0a24b2d2071f7da0120ac0e81c3723308608ae6

    • SHA512

      cc910d3eff7e1aa7c9d0940b5b4b256f786e3d1a8c235e28716550d7762b52cfefc8333ab36774bb79108156b255e98d21987ad169801a7afb8b0f0f02fcf860

    • SSDEEP

      3072:WgWgGXoWoC0x/cFizQK4WHiaRKcS29B6Yb07NRaH0hO7oFbsEYX:MUdp9BqQr

    Score
    1/10
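
The two 10/10 verdicts in the list above rest on one observation: an Excel process started a child it has no business starting. The script below encodes that rule as a detection. It is an added example, not anything taken from the sandbox report or its vendor: it reads process-creation records shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine), flags an Office host launching anything outside a small allowlist, rates script hosts and LOLBins as high severity, and tags command lines that delete files as a hook for the report's "Deletes itself" flag. The allowlist, the LOLBin set, the delete markers and every record in SAMPLE_EVENTS are this example's assumptions and constructed data, not observations from this sample.

```python
"""Flag Office processes that spawn unexpected children, the behaviour the report
labels "Process spawned unexpected child process".  This is an added example and
not part of the sandbox report; the records below are constructed to resemble
Sysmon Event ID 1 (process creation) fields and are not taken from this sample."""
import ntpath

# Office hosts whose child processes deserve scrutiny.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children Office starts legitimately (print spooler proxy, a second instance).
# Extend per environment; a too-short allowlist is the main false-positive source.
EXPECTED_CHILDREN = {"splwow64.exe", "excel.exe", "winword.exe", "powerpnt.exe"}
# Script hosts and LOLBins that maldoc macros and exploits commonly launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
                       "bitsadmin.exe", "msiexec.exe"}
# Command-line fragments that delete files: a heuristic hook for the report's
# "Deletes itself" flag, not a claim about how this sample performs the deletion.
DELETE_MARKERS = (" del ", " erase ", "remove-item", " rm ")

def basename(path):
    """Lower-cased file name from a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return an alert dict for an Office child that is not expected, else None."""
    parent, child = basename(event["ParentImage"]), basename(event["Image"])
    if parent not in OFFICE_HOSTS or child in EXPECTED_CHILDREN:
        return None
    cmdline = event.get("CommandLine", "")
    tags = []
    if child in SUSPICIOUS_CHILDREN:
        tags.append("lolbin-child")
    if any(marker in f" {cmdline.lower()} " for marker in DELETE_MARKERS):
        tags.append("deletes-file")
    return {"severity": "high" if "lolbin-child" in tags else "medium",
            "parent": parent, "child": child, "cmdline": cmdline, "tags": tags}

def scan(events):
    """Run classify() over process-creation records and keep only the alerts."""
    return [alert for alert in map(classify, events) if alert]

# Constructed process-creation records (illustrative paths and command lines).
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"ParentImage": EXCEL, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c copy "%TEMP%\a.dat" "%PUBLIC%\update.exe" & del "%TEMP%\a.dat"'},
    {"ParentImage": EXCEL, "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": EXCEL, "Image": r"C:\Users\Public\update.exe",
     "CommandLine": r"C:\Users\Public\update.exe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["parent"], "->", alert["child"], alert["tags"])
```

Of the four constructed records only two alert: Excel launching cmd.exe with a delete in its command line (high, tagged lolbin-child and deletes-file) and Excel launching an unknown binary from a user-writable directory (medium). The splwow64.exe child and the Explorer-launched cmd.exe are ignored, which is the point of keeping the parent allowlist explicit rather than alerting on every Office child.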

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Persistence       Hidden Files and Directories   2      T1158
  Defense Evasion   Modify Registry                9      T1112
  Defense Evasion   Hidden Files and Directories   2      T1158
  Discovery         Query Registry                 17     T1012
  Discovery         System Information Discovery   17     T1082

  The count column is the report's own per-technique tally; T1158 appears under two tactics because ATT&CK v6 lists it under both. The matrix is keyed to ATT&CK v6: T1158 was deprecated in ATT&CK v7 and its content now lives under T1564.001 (Hide Artifacts: Hidden Files and Directories), so map that ID before feeding these rows into tooling that uses a current matrix.

Tasks