General

  • Target

    1416d5d3070ab49e0f34ee93139e5becc2d858697e80364a54f035510db5ea9c

  • Size

    188KB

  • Sample

    221127-yp2vvaec55

  • MD5

    4bb78c00505cb01924e6acf921b68e3d

  • SHA1

    6d8f1d8c3e4cabcf701bf5c56c012f766d391293

  • SHA256

    1416d5d3070ab49e0f34ee93139e5becc2d858697e80364a54f035510db5ea9c

  • SHA512

    336d7cbef2e144f77a4d1ac5ab60edfe1002cc29c6434719ecd8455a2da4fd605c81198c911e56f012c2a2197521817c6f0a1e4e7ee4bdc12c2225f1f3949697

  • SSDEEP

    3072:9zh74zGVg+PpWeQAsoUVyIj6ti6iHSg+eBkb+lPZ:T4zGVg+PpWeQpb6tOHSgpCK

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks