Overview

overview

10

Static

static

8

73c59fd6f0...a5.xls

windows7-x64

10

73c59fd6f0...a5.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73c59fd6f013ff27bc8d917a611a3418c9391dc50d6f518f25b864dc66e0cea5

  • Size

    142KB

  • Sample

    221127-de8keshe8x

  • MD5

    3bd7af11411bdc3117cdb2830b6b976a

  • SHA1

    f9095bb6b822827808e6a5a26124b9b1494eec3d

  • SHA256

    73c59fd6f013ff27bc8d917a611a3418c9391dc50d6f518f25b864dc66e0cea5

  • SHA512

    dabfb8ddd185a075b0c536b1918bdabfd69d228eaaa57e4246bb19d94912e1c1e01ae1cda49abcabcee8052b57c72f19e572e2adcb2044c8ad265faf10a1cdaf

  • SSDEEP

    3072:OTj03qHDdcmjcc0lbxOsv90w33XjUJtXwWKs:Ld33XuEs

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      73c59fd6f013ff27bc8d917a611a3418c9391dc50d6f518f25b864dc66e0cea5

    • Size

      142KB

    • MD5

      3bd7af11411bdc3117cdb2830b6b976a

    • SHA1

      f9095bb6b822827808e6a5a26124b9b1494eec3d

    • SHA256

      73c59fd6f013ff27bc8d917a611a3418c9391dc50d6f518f25b864dc66e0cea5

    • SHA512

      dabfb8ddd185a075b0c536b1918bdabfd69d228eaaa57e4246bb19d94912e1c1e01ae1cda49abcabcee8052b57c72f19e572e2adcb2044c8ad265faf10a1cdaf

    • SSDEEP

      3072:OTj03qHDdcmjcc0lbxOsv90w33XjUJtXwWKs:Ld33XuEs

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks