af06b55ef0e89fa14454560b58542469a5461aaca261726eb66bf84acd52681c | Triage

Sharing

General

Target

af06b55ef0e89fa14454560b58542469a5461aaca261726eb66bf84acd52681c
Size

62KB
Sample

221127-deacmaea68
MD5

7f291501a1895c6085d29034adbad106
SHA1

0b7671d05805da2e26002284c9937d55dfbb2eb6
SHA256

af06b55ef0e89fa14454560b58542469a5461aaca261726eb66bf84acd52681c
SHA512

63b2708017e81c9204bb64f80cfbdb5130478e4225422fdc39aed9c2eee6009f4a02a4b42d0c46b4a05460d3a7c563d792bb0c1925722bfa3582666ca8ca6aaa
SSDEEP

1536:o05rbOsx1RTbwWQtX8LlSB+IKN+7NxnJsVUxjG+Bs:35rbt3TNQuABv7DJsVuj7s

Score

8^/10

macro xlm

Malware Config

Targets

- Target
  
  11温州市中小学骨干考核 (1).doc
- Size
  
  41KB
- MD5
  
  fbada3563affbe76265b03e5e58edbb0
- SHA1
  
  72ca88b7ef4ab8f69fdbfda95798145995022eb0
- SHA256
  
  4910727a53e45779cd447279f3489b63f7976da5f1c86cb551319dd033bfb875
- SHA512
  
  b432b7661ad30af50c196b609897f1d6db9e49ef202ee1a7a2cb902213d990a47c4e7595fa571e7e708ecdc12e8de31c0d9f7e82f22d36ca944a5ddde47cd7f3
- SSDEEP
  
  192:9le7KKKLWhc0HroZytdPU1iLK9m+iaLzxyuAe2l2xjHFdaqovbWWNM5aaaano1PZ:9A7D2oroKJVNGRweqvgoWJwLFWH
Score

4^/10
behavioral1 behavioral2
- Target
  
  11温州市中小学骨干考核.doc
- Size
  
  41KB
- MD5
  
  5f11d9fbef85cf863aa0a95f0a0041c5
- SHA1
  
  4c8885836807015afcde42a7a39f1425b56b1537
- SHA256
  
  67df3f9defdeae8cef7b68f43fac86ab58cc0e628a92e31057048b7e02272323
- SHA512
  
  04f9c405b21cbcfd3515e7c0a92f32582d0596363063f8592e5c3bfcc7f3191a78235b51786e1f123597a1c4405002da7d7167b9a79ea4c04281ec4463437a97
- SSDEEP
  
  384:gTZYZxr+rrNZK+9jm6/PaHjLofN53zhTNI0sHakkcEzygKykca/qvvn+z:+ZzZKFLo3n+ykcpvfi
Score

4^/10
behavioral3 behavioral4
- Target
  
  新秀中坚宿将考核表11.xls
- Size
  
  164KB
- MD5
  
  07024a1929b69d53fca7e095b6fa5332
- SHA1
  
  d733ea5977570ba08956bbce3b9aacff1e65f2a2
- SHA256
  
  3c37501e4a4d37feb582ac44f3a4de129794238eb8cb1fe3743831028570c4b7
- SHA512
  
  dacb55482509c40ab08803e3422113d4fa451e267c00f8896b7028f4b5fb44570107764d549e568ed5e2a3d489fc33b5d5a98f16190f632d1fa1dd1ac6cbecd1
- SSDEEP
  
  3072:ZXng+GfjgyRL3s1xHFn2GFmofafT5XV+CKhd/S:mjxkxlnjjQ
Score

6^/10
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral5 behavioral6
- Target
  
  马上用三个层次(骨干考核).xls
- Size
  
  60KB
- MD5
  
  0f248e6dd9817f6026aa06936657f479
- SHA1
  
  71ccb6275cdc3546525314ff7638ce6aef6ac2fa
- SHA256
  
  bd5777aa9f5b3876dce4b56e77f90cabcd836ed1307ebd740dc516a31142883a
- SHA512
  
  3eecd11487c1c6a1b8d4948fa0f47cfcb288d608e681144e6b5b7dd9161589eebc90b782018db85777dd43f649b6326aace01baf0a2bfce71f458c83434c4056
- SSDEEP
  
  1536:mwwww+d/jbqKlV6+Z5wqC7Ud8BwvTZ95kOAZt12GfqHCRgSEIHJSdNW9:BmZt12GCHCRgSEYSu9
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8