General

  • Target

    1e2b9a87d5700baa554e1ea505583b3171383afb51abd29b1c58a5b5ca0e24d0

  • Size

    46KB

  • Sample

    221126-dpbnfagf36

  • MD5

    6e8bd73c62fe18bf1759ee177bf72f60

  • SHA1

    3cca3926766a5b5211a3d3d2a133b9a0bc3774e9

  • SHA256

    1e2b9a87d5700baa554e1ea505583b3171383afb51abd29b1c58a5b5ca0e24d0

  • SHA512

    c82168fa0cc7c59297af0d8b5cf555879b25db49c31260a27e178b7bc29f79df84f21fe2b8cbfb7f715924b867a014cb569d2d3c966ec01a492d90ec6d60042b

  • SSDEEP

    768:FBOAJDnLN3jXPBlU+PihfwV3h7OYWANRjkp0ut/dywip80M+viveDFZeOJvYnj/g:FBOAJDlPB2ThfwV3hOYWALI0uhd1mivK

Score
10/10

Malware Config

Targets

    • Target

      英语.xls

    • Size

      137KB

    • MD5

      3ad1cb077fb9f185f4c3fab46866959a

    • SHA1

      80f2befef95a4dc0adfccecb5d954b6b9d6d5424

    • SHA256

      45dc9013197a06c850ec744b62752731f43e8be34a0333e47206a77482046571

    • SHA512

      33b16b0b640a86f614e7c2ab85202f227be0ee4b1ac8e644f7d230caf14bea1a570e261f1a1dbd724cf0a5318f5c8368a6f47f3d4df214ea8c8bf34183f071b7

    • SSDEEP

      3072:IwZGG/qpcYkylWVbrzQ7ITkGt6yDWBQn6KNL7:cWYytb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Hidden Files and Directories (T1158): 1

Defense Evasion

  • Modify Registry (T1112): 1

  • Hidden Files and Directories (T1158): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
Tasks