Overview

overview

10

Static

static

8

733646f77e...48.xls

windows7-x64

10

733646f77e...48.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    733646f77e4d6fa78aa78ba0df7cc16e5716ac549775acc3340c3b25de2e6b48

  • Size

    87KB

  • Sample

    221127-ypsxyaec42

  • MD5

    e8d103a9aedae5e4fa29c442c0688c44

  • SHA1

    c4ccc7fe49fc8597c5d07b00725ddc6d64d0246e

  • SHA256

    733646f77e4d6fa78aa78ba0df7cc16e5716ac549775acc3340c3b25de2e6b48

  • SHA512

    a9c543dc18de680ac7941621098e29014f5a5ab437f7981047998108f8e81edbf2bc285436ea2196502dc6d1c1e4dbfb94dc67b7e6c368d1d8735381a46c6356

  • SSDEEP

    1536:OoooEvG/awH0U1ic7U2jcc0lbxOvTgZgoMY7nJdJoOd7cJKXweb82:iGkQ7U2jcc0lbxOr4tAJKXwk82

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      733646f77e4d6fa78aa78ba0df7cc16e5716ac549775acc3340c3b25de2e6b48

    • Size

      87KB

    • MD5

      e8d103a9aedae5e4fa29c442c0688c44

    • SHA1

      c4ccc7fe49fc8597c5d07b00725ddc6d64d0246e

    • SHA256

      733646f77e4d6fa78aa78ba0df7cc16e5716ac549775acc3340c3b25de2e6b48

    • SHA512

      a9c543dc18de680ac7941621098e29014f5a5ab437f7981047998108f8e81edbf2bc285436ea2196502dc6d1c1e4dbfb94dc67b7e6c368d1d8735381a46c6356

    • SSDEEP

      1536:OoooEvG/awH0U1ic7U2jcc0lbxOvTgZgoMY7nJdJoOd7cJKXweb82:iGkQ7U2jcc0lbxOr4tAJKXwk82

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks