Overview

overview

10

Static

static

8

38d82acb7a...4b.xls

windows7-x64

10

38d82acb7a...4b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38d82acb7ac03228d0d5f9a38da10e6c7e3e0a695443129ab5651b4cc63f454b

  • Size

    102KB

  • Sample

    221127-decgzsea74

  • MD5

    1f82b1bdae3924185845d3c1c624b407

  • SHA1

    ac544bbe29badfad77a5d3bdc99ecf3c0657c3b8

  • SHA256

    38d82acb7ac03228d0d5f9a38da10e6c7e3e0a695443129ab5651b4cc63f454b

  • SHA512

    410bf653d3f805cd22774b66316e3390ac1c0c72c257315030867f1bb4c8e3c0c35250f0ecb8d7a294d72125bc798f22de43db88b59d3e600810b97362ea8413

  • SSDEEP

    3072:jTQn6v7yZmspH7+7alMisPI4ukoRWGNTxfAxo2jcc0lbxOrLHDJtXwvd:nQn6v7yZmspH7+7alMisPI4ukoRWGNTB

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      38d82acb7ac03228d0d5f9a38da10e6c7e3e0a695443129ab5651b4cc63f454b

    • Size

      102KB

    • MD5

      1f82b1bdae3924185845d3c1c624b407

    • SHA1

      ac544bbe29badfad77a5d3bdc99ecf3c0657c3b8

    • SHA256

      38d82acb7ac03228d0d5f9a38da10e6c7e3e0a695443129ab5651b4cc63f454b

    • SHA512

      410bf653d3f805cd22774b66316e3390ac1c0c72c257315030867f1bb4c8e3c0c35250f0ecb8d7a294d72125bc798f22de43db88b59d3e600810b97362ea8413

    • SSDEEP

      3072:jTQn6v7yZmspH7+7alMisPI4ukoRWGNTxfAxo2jcc0lbxOrLHDJtXwvd:nQn6v7yZmspH7+7alMisPI4ukoRWGNTB

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks