Overview

overview

10

Static

static

8

532aeaaf45...d3.xls

windows7-x64

10

532aeaaf45...d3.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    532aeaaf452fbafee06bf45f0be61020d279e71a59cffc4b56486b9ddb71e8d3

  • Size

    31KB

  • Sample

    221128-ahbs3saa92

  • MD5

    68264dfa2f0b2126a9a8cdb6df52649f

  • SHA1

    1024017758284f1284894ac0b7255f5734636eb8

  • SHA256

    532aeaaf452fbafee06bf45f0be61020d279e71a59cffc4b56486b9ddb71e8d3

  • SHA512

    98dcf08d92ee46195f62674c0539ee34738ca2a9e728a9d0a787bc7aa495bab36afcce04026e4a367603d39cfab93005210af24abace45d87fb4601e6170f893

  • SSDEEP

    384:Jo6GAWRNVnoglPro3/bGGW19YiZebTtef60Fw7whiJ1qDuZ/pj:WXdqGGWHYiceykSJuwpj

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      532aeaaf452fbafee06bf45f0be61020d279e71a59cffc4b56486b9ddb71e8d3

    • Size

      31KB

    • MD5

      68264dfa2f0b2126a9a8cdb6df52649f

    • SHA1

      1024017758284f1284894ac0b7255f5734636eb8

    • SHA256

      532aeaaf452fbafee06bf45f0be61020d279e71a59cffc4b56486b9ddb71e8d3

    • SHA512

      98dcf08d92ee46195f62674c0539ee34738ca2a9e728a9d0a787bc7aa495bab36afcce04026e4a367603d39cfab93005210af24abace45d87fb4601e6170f893

    • SSDEEP

      384:Jo6GAWRNVnoglPro3/bGGW19YiZebTtef60Fw7whiJ1qDuZ/pj:WXdqGGWHYiceykSJuwpj

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks