General

  • Target

    699d3a77fde20deed0f060912bd5294bd7086ec4c61966a5c992882923879146

  • Size

    26KB

  • Sample

    221127-ded1taea78

  • MD5

    14f351c2c53cfa31398e94331ee015b6

  • SHA1

    706d77285de4833b87df0a9b36a81349a3f4fdf9

  • SHA256

    699d3a77fde20deed0f060912bd5294bd7086ec4c61966a5c992882923879146

  • SHA512

    d4c25e06f4937171d0a2f995f5e0b6582b9ef7e898fe656bd6235ddb18bfeca287503b943f638946fadc24c5ed90b1dbf4d33df7138d51e50b032fc7f1ba0a82

  • SSDEEP

    768:cYrSHWlsEPZUi1akAZENOB0jGL/pl4VOrzaeuLT:dr8/kZUAzAZENOIGLBl0

Score
10/10

Malware Config

Targets

    • Target

      公务员工资收入情况调查表模板.xls

    • Size

      186KB

    • MD5

      a500ba145ffd6dbdc2f091d979973ee2

    • SHA1

      953a9adf79f2060b48db7c2fdc678f3d8527aba6

    • SHA256

      08deb10d392a330e436f61359b894ede6f803b6809df5001c0a9710a0ce8bbef

    • SHA512

      b179c08b8845f18fd6b12a606ccefe3db43ef23798312d86a72c9d62ec42a57eb155351416e12c71fecae9c7a92609dac76f6d332d78b79cfb766574a48dedce

    • SSDEEP

      1536:1bbbbvbYiT12vQApKi1qGeSnuyMjbYwugu5pyrYNQk9RBuYOwDg7Hgl6J5uRKHHS:6QkdDUHgleHHoT0F9hh2CcnKV6o+

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks