Overview

overview

10

Static

static

8

c78a75a2c2...c5.xls

windows7-x64

10

c78a75a2c2...c5.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c78a75a2c2909fb4fe63767308fff176d80af3ae3037677271a36aea382a85c5

  • Size

    96KB

  • Sample

    221127-dd2qgshe3w

  • MD5

    73d92c3deade678d26fe9945f46ab864

  • SHA1

    302d28a84dfcfb4a083d0cf5af916d514fbdb58f

  • SHA256

    c78a75a2c2909fb4fe63767308fff176d80af3ae3037677271a36aea382a85c5

  • SHA512

    8d926a517c6395b03bfee51a7fdda9b25c7be497b2cb99a77752bd56735e93fde3a4eed2d727c2f7e68e047d9c001f6a499a8067aa9d6e53ef316c99c9f47951

  • SSDEEP

    3072:Wd1gxv7yZmspH7+cclKisPI4ukoRWGN6WVbrzQ7ITkFIBAww33XjUJtXwm:S1gxv7yZmspH7+cclKisPI4ukoRWGNc+

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c78a75a2c2909fb4fe63767308fff176d80af3ae3037677271a36aea382a85c5

    • Size

      96KB

    • MD5

      73d92c3deade678d26fe9945f46ab864

    • SHA1

      302d28a84dfcfb4a083d0cf5af916d514fbdb58f

    • SHA256

      c78a75a2c2909fb4fe63767308fff176d80af3ae3037677271a36aea382a85c5

    • SHA512

      8d926a517c6395b03bfee51a7fdda9b25c7be497b2cb99a77752bd56735e93fde3a4eed2d727c2f7e68e047d9c001f6a499a8067aa9d6e53ef316c99c9f47951

    • SSDEEP

      3072:Wd1gxv7yZmspH7+cclKisPI4ukoRWGN6WVbrzQ7ITkFIBAww33XjUJtXwm:S1gxv7yZmspH7+cclKisPI4ukoRWGNc+

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks