Overview

overview

10

Static

static

8

3a266e9c01...89.xls

windows7-x64

10

3a266e9c01...89.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a266e9c0146b85916c7a5e468a28b93268dea35e755469434cf359a4c2a1289

  • Size

    164KB

  • Sample

    221126-q3aphsge89

  • MD5

    04721b94e33924afac3db810a7a66cb6

  • SHA1

    bcf69a822401ad55bf1470546ab5d1ec29bc4028

  • SHA256

    3a266e9c0146b85916c7a5e468a28b93268dea35e755469434cf359a4c2a1289

  • SHA512

    32c917ad91a4d339e016e2c4adb816ee25cff5e7b4744c7e8e33c9b31f5ae371348406f2dd12cac6b8407971ab21e6305bce0a2e8be49620150e59e729cd06bd

  • SSDEEP

    3072:1GTLPexEOH0bENen5EKfv9C3Vfy2nfdqdWVbrzI47ITk9DcbA5kf7us:1GfexNeam9a59q9NBus

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      3a266e9c0146b85916c7a5e468a28b93268dea35e755469434cf359a4c2a1289

    • Size

      164KB

    • MD5

      04721b94e33924afac3db810a7a66cb6

    • SHA1

      bcf69a822401ad55bf1470546ab5d1ec29bc4028

    • SHA256

      3a266e9c0146b85916c7a5e468a28b93268dea35e755469434cf359a4c2a1289

    • SHA512

      32c917ad91a4d339e016e2c4adb816ee25cff5e7b4744c7e8e33c9b31f5ae371348406f2dd12cac6b8407971ab21e6305bce0a2e8be49620150e59e729cd06bd

    • SSDEEP

      3072:1GTLPexEOH0bENen5EKfv9C3Vfy2nfdqdWVbrzI47ITk9DcbA5kf7us:1GfexNeam9a59q9NBus

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks