General

  • Target

    93bc322cfd5157cae01505a0062d412e0a2e2085835f473dd52b91685ce8ae80

  • Size

    34KB

  • Sample

    221127-yp4pfaab71

  • MD5

    754e89f0ba8b37516ff4ff5a52f38f95

  • SHA1

    081c6bb24a176eef56750088bb7af6461995c706

  • SHA256

    93bc322cfd5157cae01505a0062d412e0a2e2085835f473dd52b91685ce8ae80

  • SHA512

    bdcb74d8342e90ec207f5213b8f7e242abfb23d968378c2456ed74148c4f9f81f6909405f12e8eccaeb98e6f718a41928b3095ac71136597d9199b0a07ec42c8

  • SSDEEP

    768:DIhWw0Gvcx3l6jbz/CgMe22uDR8uOK515sBOJzrk91:DI4vGEx3uzqgMJ2OR35sBOJzrM1

Score
10/10

Malware Config

Targets

    • Target

      ɽи¼ùԱ.xls

    • Size

      87KB

    • MD5

      e8d103a9aedae5e4fa29c442c0688c44

    • SHA1

      c4ccc7fe49fc8597c5d07b00725ddc6d64d0246e

    • SHA256

      733646f77e4d6fa78aa78ba0df7cc16e5716ac549775acc3340c3b25de2e6b48

    • SHA512

      a9c543dc18de680ac7941621098e29014f5a5ab437f7981047998108f8e81edbf2bc285436ea2196502dc6d1c1e4dbfb94dc67b7e6c368d1d8735381a46c6356

    • SSDEEP

      1536:OoooEvG/awH0U1ic7U2jcc0lbxOvTgZgoMY7nJdJoOd7cJKXweb82:iGkQ7U2jcc0lbxOr4tAJKXwk82

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Hidden Files and Directories (T1158): 1

Defense Evasion

  • Modify Registry (T1112): 1

  • Hidden Files and Directories (T1158): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks