General

  • Target: 52244ed0480c66d2f7edb15db715661528633d2e4e84bafeb173160224169c72
  • Size: 76KB
  • Sample: 221127-yp968aab9s
  • MD5: f1b77774d44f41e98883503c2d794334
  • SHA1: 53e8bee36923776bc1804ac888188c8c9078cbc3
  • SHA256: 52244ed0480c66d2f7edb15db715661528633d2e4e84bafeb173160224169c72
  • SHA512: 6d9563eba7dd2e839f3e535eb760d4c17e02605cfccd515101ba5f2cd3f6e83f519e2ce3c6692b5e3c10a0e6f2a7d0d336fe272266a3330b4807f6eebc650428
  • SSDEEP: 1536:TSYuMTTx4a+DTSClyyz4q0q4MQGmTFdes5Q2PS6j2gW3vL1THaB:TH1fq0n582q6j2gyvsB

Score: 10/10

Malware Config

Targets

    • Target: 辅修申请说明及相关表格/D.546123601.12480/++班辅修选课格式.xls
    • Size: 78KB
    • MD5: a79c7ab6a921807da9ba58b07e1cd865
    • SHA1: 98452c34ff97647284fb68e83b70cf17d9658763
    • SHA256: 679ad72d01e3d20197f244943a258916a21b9e8cf9dd6e7952e4726bf7317ee5
    • SHA512: cb7828cc4233b16fc40d195525b8b5f3cabe40393a486c0a79a26c6020d6544cf1c123d1307d241baae63a770acae7e2cfe7751b5bafd93649a5f318b261b96f
    • SSDEEP: 1536:ZSToT2jcc0lbxOqTgncCOU/WwF133qmc:B2jcc0lbxOKrDWqmc

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Deletes itself

    • Target: 辅修申请说明及相关表格/D.546123601.12480/__班辅修申请登记表.xls
    • Size: 85KB
    • MD5: d8300f621723ac7f581b7ae76a779e9a
    • SHA1: 8e4ec65e7b47cfb2bb75fc136af11eac726c6cdb
    • SHA256: b3de07df532adb539a81002eae40f60546e3534b6a2732997f05f6d1dbe33ca0
    • SHA512: 61a3113b90234fb576fc62ee74afb36b90ffdfb7d98c14de2a572d208c89a997e2a74d6ac6a7b522d9078b9d0a538aa8ceae3f7b8f7ebf968cce2f63a02e2017
    • SSDEEP: 1536:LPPP7HY3jsWWVbkzQ7ITkygzA2KcCOU/WwF1Mo4I:2WVbkzQ7ITky0XDWl4I

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Deletes itself

    • Target: 辅修申请说明及相关表格/D.546123601.12480/各学部专业及教学办公室.doc
    • Size: 21KB
    • MD5: b15dd1b39c897e9aadb11b80571609a7
    • SHA1: 3f973ca31d95cded2e3da4912eb9416e6f40b8a2
    • SHA256: a0f15bb0255bd06e112c4fdd717fb6b83b3c0e5d8fe7e20b666536cebb8ad364
    • SHA512: 56227fd184b51a006d067f5358f5b3fa7a955dda07a21ee1d285a7225b917104bef43df5d7ef88d980ee664b976b4239ba4005f4e71c9c9563d2a4b25d9fb256
    • SSDEEP: 192:s+utUu0luqXjuLVD4ulZlM/Ch4cEI+z9QwRdItsYyuNU:aJHLEIYVYu

    Score: 4/10

    • Target: 辅修申请说明及相关表格/D.546123601.12480/材料化工部辅修专业和学位的实施办法.doc
    • Size: 22KB
    • MD5: 46b43ebbd01d8ce68ee4dc652b78922d
    • SHA1: 7342313c5f79aa01b91ab3c3a94ee7d3ba223f53
    • SHA256: 1c7e37fb3cf5da3c6be401dd9d5bcb4c3d44f4148ef67ddd86bdf8d36efa1f44
    • SHA512: 26354c2836c2e16ec8a868ca9dd3a9855dafd731fd8681c16178becd67e54efcb87ee3174426e575e5e35cc52f24c445d95c3958809e2f043aa2c754447cc0be
    • SSDEEP: 384:ZYqfmqRpoMMloS48rRohkRxY+Vr8o3iq1SE1Fn:qqfmqRpoMMloS48rRohkRxY+Vr8o3iq1

    Score: 4/10

    • Target: 辅修申请说明及相关表格/D.546123601.12480/注意事项.doc
    • Size: 21KB
    • MD5: 703197bf5c755429a1cdfc8662a9746e
    • SHA1: f551fc0b1fbfc55e29ee36b729e3a8eecdc2e390
    • SHA256: 22ec5ff67933006e9e771f6c67e76af7928f6f129f2edbc09368ae2c639df12a
    • SHA512: 2e4edd62dea7d429a01d319f0fbb5e08039e5003695478a30416a07eaf1fbcde8aaf0998d0500de6ebc666df707f7920005f4dbed7e56f309f87c368728092b6
    • SSDEEP: 96:TUSSSSSTA7MixhR61iL0Dv0YYfYqYERVxDJfYzo1qz:wSSSSSCM+wwYYfYqYW

    Score: 4/10

    • Target: 辅修申请说明及相关表格/D.546123601.12480/辅修申请表.doc
    • Size: 32KB
    • MD5: bda1a28af1d40d9b3c4daeb8dfb253db
    • SHA1: 3008888c9c170feb7a149dddea79530078ca998e
    • SHA256: 64eff107af5f4e6b0ac369c91d6655b9374b2a09c20b60a6adbb82c3adb8b120
    • SHA512: 91aa5c41e9fabcb1f8ea20ae4d8c13feb395c424010b3801ca1b60f87c95647a3aa428f9e1d5e09b9f1bff8b56bf2dd04b94996ed020f93cf2f22bb85ee2b221
    • SSDEEP: 96:audT1TiAh6/MDdwgudcQIZ9lTY9leD9lHpcU35pUGDLO0xVrFi7u7Wmz3W/ZHHTV:xFfQmlelilU0/Fg0xz3wbcFEbXrh5bm

    Score: 4/10

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
  • Hidden Files and Directories (T1158): 2

Defense Evasion
  • Modify Registry (T1112): 6
  • Hidden Files and Directories (T1158): 2

Discovery
  • Query Registry (T1012): 12
  • System Information Discovery (T1082): 12

Tasks