Overview

overview

10

Static

static

8

37ad1a49dd...05.xls

windows7-x64

10

37ad1a49dd...05.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37ad1a49dd4702aa040cd51ab984ca3bd90f4477d3b6496a84b27784d1a3a905

  • Size

    257KB

  • Sample

    221127-de62lahe8t

  • MD5

    8f5ba99294572fddd07c4ee6b811bd98

  • SHA1

    f45529054a06d3701457f3eb4f8dca227ef8b826

  • SHA256

    37ad1a49dd4702aa040cd51ab984ca3bd90f4477d3b6496a84b27784d1a3a905

  • SHA512

    0c6eef0250b05962dc1ca70c0bc60101332619b071403b2dfc7c28752e0ba2e2d84191563be65f648aea73f603e1fa50ab4ad5ba9d68b9f61a9e0583bcaa307a

  • SSDEEP

    3072:/0wc82vlAViEiKYH1glo8z9AKU6tjcc0lbxOIoAZb1JtXw9R:Tc82Sde+9VU+iTY

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      37ad1a49dd4702aa040cd51ab984ca3bd90f4477d3b6496a84b27784d1a3a905

    • Size

      257KB

    • MD5

      8f5ba99294572fddd07c4ee6b811bd98

    • SHA1

      f45529054a06d3701457f3eb4f8dca227ef8b826

    • SHA256

      37ad1a49dd4702aa040cd51ab984ca3bd90f4477d3b6496a84b27784d1a3a905

    • SHA512

      0c6eef0250b05962dc1ca70c0bc60101332619b071403b2dfc7c28752e0ba2e2d84191563be65f648aea73f603e1fa50ab4ad5ba9d68b9f61a9e0583bcaa307a

    • SSDEEP

      3072:/0wc82vlAViEiKYH1glo8z9AKU6tjcc0lbxOIoAZb1JtXw9R:Tc82Sde+9VU+iTY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks