Overview

overview

10

Static

static

8

930233d6a0...73.xls

windows7-x64

10

930233d6a0...73.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    930233d6a045cd9d4b8a2971d1a176aedfb58a25f04fc20ca3b0ebe629471973

  • Size

    85KB

  • Sample

    221127-dd3yjsea53

  • MD5

    1b312b1526b03f5e4a56672f4978fcfd

  • SHA1

    37f82d04b2d0c432c95bd765d0b9ef5380afc7e4

  • SHA256

    930233d6a045cd9d4b8a2971d1a176aedfb58a25f04fc20ca3b0ebe629471973

  • SHA512

    64677cfaee666d80c4937b553a44034b84505caa14da4f03d22e3491b8447a18f97cb696590ff03e90d3a0b1619bb592ea44f5932c1e97ecc7b4238d3153b957

  • SSDEEP

    1536:HOOOO67DSy1NO2lXbjSytC2BhYS6Drm1gxv7yZmspH7+cclKiEZClsPI4ukoRWGx:Rm1gxv7yZmspH7+cclKisPI4ukoRWGNf

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      930233d6a045cd9d4b8a2971d1a176aedfb58a25f04fc20ca3b0ebe629471973

    • Size

      85KB

    • MD5

      1b312b1526b03f5e4a56672f4978fcfd

    • SHA1

      37f82d04b2d0c432c95bd765d0b9ef5380afc7e4

    • SHA256

      930233d6a045cd9d4b8a2971d1a176aedfb58a25f04fc20ca3b0ebe629471973

    • SHA512

      64677cfaee666d80c4937b553a44034b84505caa14da4f03d22e3491b8447a18f97cb696590ff03e90d3a0b1619bb592ea44f5932c1e97ecc7b4238d3153b957

    • SSDEEP

      1536:HOOOO67DSy1NO2lXbjSytC2BhYS6Drm1gxv7yZmspH7+cclKiEZClsPI4ukoRWGx:Rm1gxv7yZmspH7+cclKisPI4ukoRWGNf

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks