Overview

overview

10

Static

static

8

8deef7f3fd...23.xls

windows7-x64

10

8deef7f3fd...23.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8deef7f3fd6e2cd3f2c2157aa0e4852afdc936ec5e4ba74958d566df7140f123

  • Size

    80KB

  • Sample

    221126-xatp9aaa2z

  • MD5

    dca7db19ef4ced6b37cbbfd863dfe262

  • SHA1

    09236c00aa9215dfbf4dbd5434f8a94a98d460b7

  • SHA256

    8deef7f3fd6e2cd3f2c2157aa0e4852afdc936ec5e4ba74958d566df7140f123

  • SHA512

    4ca5ab2728d05fcc2f293cd7aa1901f2ceb134d589d3d68042dc366ee051fd9f432a7d82c6d3c1929eedcf6c1c46ac7311bb7eef5ddacbbd5abdb8aaf40c3fa1

  • SSDEEP

    1536:5eeeqi17DS2jcc0lbxOvTgZBuITWWt2XKCZCt1:Y82jcc0lbxOrhISalt1

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      8deef7f3fd6e2cd3f2c2157aa0e4852afdc936ec5e4ba74958d566df7140f123

    • Size

      80KB

    • MD5

      dca7db19ef4ced6b37cbbfd863dfe262

    • SHA1

      09236c00aa9215dfbf4dbd5434f8a94a98d460b7

    • SHA256

      8deef7f3fd6e2cd3f2c2157aa0e4852afdc936ec5e4ba74958d566df7140f123

    • SHA512

      4ca5ab2728d05fcc2f293cd7aa1901f2ceb134d589d3d68042dc366ee051fd9f432a7d82c6d3c1929eedcf6c1c46ac7311bb7eef5ddacbbd5abdb8aaf40c3fa1

    • SSDEEP

      1536:5eeeqi17DS2jcc0lbxOvTgZBuITWWt2XKCZCt1:Y82jcc0lbxOrhISalt1

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks