Overview

overview

10

Static

static

8

ca8f4d8669...4f.xls

windows7-x64

10

ca8f4d8669...4f.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca8f4d8669cd97c9806fb591f1035100c64cfe3817a498dd9d22e930f740904f

  • Size

    91KB

  • Sample

    221127-27fl4sfc97

  • MD5

    3b8aa48fb6601c72b3c4e1466d99b0cc

  • SHA1

    e4722f2a392a725473d6ac692284238451ce348a

  • SHA256

    ca8f4d8669cd97c9806fb591f1035100c64cfe3817a498dd9d22e930f740904f

  • SHA512

    d94f2ec42a4c3f720f712a8d6d446e78307e57a885a829172b446fb1369bb79863bd318064fef8d0bd48518d3b7cfbd7213a65295eec3f2e18edacc4996fbf32

  • SSDEEP

    1536:WqqqeniphhWVbrtkzEleQ7ITkR62lzIhY7nJdJoOd7cJaXwRCM2M/MGwb:RWVbrjQQ7ITk9a2AJaXwX5kDb

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ca8f4d8669cd97c9806fb591f1035100c64cfe3817a498dd9d22e930f740904f

    • Size

      91KB

    • MD5

      3b8aa48fb6601c72b3c4e1466d99b0cc

    • SHA1

      e4722f2a392a725473d6ac692284238451ce348a

    • SHA256

      ca8f4d8669cd97c9806fb591f1035100c64cfe3817a498dd9d22e930f740904f

    • SHA512

      d94f2ec42a4c3f720f712a8d6d446e78307e57a885a829172b446fb1369bb79863bd318064fef8d0bd48518d3b7cfbd7213a65295eec3f2e18edacc4996fbf32

    • SSDEEP

      1536:WqqqeniphhWVbrtkzEleQ7ITkR62lzIhY7nJdJoOd7cJaXwRCM2M/MGwb:RWVbrjQQ7ITk9a2AJaXwX5kDb

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks