General

  • Target

    7235dd0917d213bb7c11e38c88b3b0ae2bfadfa9a40fe4dc4397bd7f43421fc3

  • Size

    111KB

  • Sample

    221127-dfbbbahe9s

  • MD5

    e292b30051e7110c3e6ba49e8d5f82f6

  • SHA1

    c38f5b7d329e1d63a7226d481189c1aea8297484

  • SHA256

    7235dd0917d213bb7c11e38c88b3b0ae2bfadfa9a40fe4dc4397bd7f43421fc3

  • SHA512

    aecdd37bf22271c9c54c438248475ae31e675538f7247d0cf80a6cc2d276e8a0f6ac95edeb3033e6e6edd8b72b01efa3770e5d8aa8211d97e6a9c2a06624326f

  • SSDEEP

    3072:sNQ8li7jKsiSNwtN9s0265X+Ae9Nun33ZucAg:OQts0wX+AKonMcAg

Score
10/10

Malware Config

Targets

    • Target

      控制价/如东县岔河镇古坝小学教学楼新建工程-土建.xls

    • Size

      185KB

    • MD5

      9a67a32b8de92fffa5c00a570c64558a

    • SHA1

      1d92473d39544f79fd3dd62375b63cbfa47850de

    • SHA256

      8fca49370c4d1f986e6b1850748d18182a879c05f5bc709800ea3a02a4ccf992

    • SHA512

      b2658a4fe2195b48efec092f2f6c633a9a79629c98f7b7107e1b1636698262eb9a1bc899c86b1a786a1e33bb02e8de0c5484a62eae462f11c3a0685f254f80fe

    • SSDEEP

      3072:eF+HEK6EIJiRLHJ+O01uWVbh2zQ7ITk9pxJtXwkv42Q:fHD7G

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    • Target

      控制价/如东县岔河镇古坝小学教学楼新建工程-安装.xls

    • Size

      169KB

    • MD5

      435fdab96799a0aa379643c71653dc8b

    • SHA1

      6fd489b5795d7e5c8de6fcdacf5b41494f7c247e

    • SHA256

      c95512b09c87d0edbdf990c053e9193d2479b8db30d652e6c04fe120931541c6

    • SHA512

      f92c5a2279b77027aacfb30efaff8067f1c32613aa8228a8582b3bd6747de3d3a2a8b3bb7338f54ce6215dc1d65d0f8ec69bbd3313c3ca1833e7a33f56fa1148

    • SSDEEP

      3072:01TLjmvu0Mb/edr16mK4WHbAkwJWVb95izQ7ITk9jYJtXwjv4xry:9DK6Mq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Hidden Files and Directories (T1158) 2

Defense Evasion

  • Modify Registry (T1112) 2

  • Hidden Files and Directories (T1158) 2

Discovery

  • Query Registry (T1012) 4

  • System Information Discovery (T1082) 4

Tasks