Overview

overview

10

Static

static

8

8fca49370c...92.xls

windows7-x64

10

8fca49370c...92.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fca49370c4d1f986e6b1850748d18182a879c05f5bc709800ea3a02a4ccf992

  • Size

    185KB

  • Sample

    221127-ddxrjaea37

  • MD5

    9a67a32b8de92fffa5c00a570c64558a

  • SHA1

    1d92473d39544f79fd3dd62375b63cbfa47850de

  • SHA256

    8fca49370c4d1f986e6b1850748d18182a879c05f5bc709800ea3a02a4ccf992

  • SHA512

    b2658a4fe2195b48efec092f2f6c633a9a79629c98f7b7107e1b1636698262eb9a1bc899c86b1a786a1e33bb02e8de0c5484a62eae462f11c3a0685f254f80fe

  • SSDEEP

    3072:eF+HEK6EIJiRLHJ+O01uWVbh2zQ7ITk9pxJtXwkv42Q:fHD7G

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      8fca49370c4d1f986e6b1850748d18182a879c05f5bc709800ea3a02a4ccf992

    • Size

      185KB

    • MD5

      9a67a32b8de92fffa5c00a570c64558a

    • SHA1

      1d92473d39544f79fd3dd62375b63cbfa47850de

    • SHA256

      8fca49370c4d1f986e6b1850748d18182a879c05f5bc709800ea3a02a4ccf992

    • SHA512

      b2658a4fe2195b48efec092f2f6c633a9a79629c98f7b7107e1b1636698262eb9a1bc899c86b1a786a1e33bb02e8de0c5484a62eae462f11c3a0685f254f80fe

    • SSDEEP

      3072:eF+HEK6EIJiRLHJ+O01uWVbh2zQ7ITk9pxJtXwkv42Q:fHD7G

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks