Overview

overview

10

Static

static

8

e7e6162eff...a0.xls

windows7-x64

10

e7e6162eff...a0.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7e6162eff6b68db926b197d0f4e1937d63807434b2cb97b412083f9ad405fa0

  • Size

    141KB

  • Sample

    221126-yvg3mabb69

  • MD5

    377b29210ecd03fef40afbdffb3c03ba

  • SHA1

    6922d16863906e2d6843e18a7a501b64c0474ab2

  • SHA256

    e7e6162eff6b68db926b197d0f4e1937d63807434b2cb97b412083f9ad405fa0

  • SHA512

    bbf6f14b32134500ffda0a1602e6233a02ecc409ba8e0659a066cefd973f331abab16e4520ab9c83413d8518f98b3384c14c964015285bff0f5b7b76980a8ad4

  • SSDEEP

    3072:ubl6Nc7yRzs1H75wkZUgsQ6NqTBun5oq3Ke+U2jcc0lbxOrtRsLn:Ul6Nc7yRzs1H75wkZUgsQ6NqTBun5oqI

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      e7e6162eff6b68db926b197d0f4e1937d63807434b2cb97b412083f9ad405fa0

    • Size

      141KB

    • MD5

      377b29210ecd03fef40afbdffb3c03ba

    • SHA1

      6922d16863906e2d6843e18a7a501b64c0474ab2

    • SHA256

      e7e6162eff6b68db926b197d0f4e1937d63807434b2cb97b412083f9ad405fa0

    • SHA512

      bbf6f14b32134500ffda0a1602e6233a02ecc409ba8e0659a066cefd973f331abab16e4520ab9c83413d8518f98b3384c14c964015285bff0f5b7b76980a8ad4

    • SSDEEP

      3072:ubl6Nc7yRzs1H75wkZUgsQ6NqTBun5oq3Ke+U2jcc0lbxOrtRsLn:Ul6Nc7yRzs1H75wkZUgsQ6NqTBun5oqI

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks