Overview

overview

10

Static

static

8

8aaea0584b...d1.xls

windows7-x64

10

8aaea0584b...d1.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8aaea0584bbc9a96080d1d3084fef91cc170cdb6143e99eba62c77a51d12a8d1

  • Size

    102KB

  • Sample

    221128-bsgyhshg6v

  • MD5

    394f354ce29c6b174d87705f18e15f6e

  • SHA1

    86340e61109cad89c5781da3177d91e2556b8fe5

  • SHA256

    8aaea0584bbc9a96080d1d3084fef91cc170cdb6143e99eba62c77a51d12a8d1

  • SHA512

    4b29aa04949da268242b50a75f6e315f47754d48e7554efb8f920692d08d2ed1d402dd9ac5607a45aaf7fd89491a4a0d5be1c7d3ff7a3ed3cc933611a8ea2dc5

  • SSDEEP

    1536:qmmmCmhF9kTE86dok3mXU7oqeHrZ95MHDquWVvrzQ7ITkwMlJx23LV88ScJtXwBl:U0WVvrzQ7ITkwHRjhJtXw3H

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      8aaea0584bbc9a96080d1d3084fef91cc170cdb6143e99eba62c77a51d12a8d1

    • Size

      102KB

    • MD5

      394f354ce29c6b174d87705f18e15f6e

    • SHA1

      86340e61109cad89c5781da3177d91e2556b8fe5

    • SHA256

      8aaea0584bbc9a96080d1d3084fef91cc170cdb6143e99eba62c77a51d12a8d1

    • SHA512

      4b29aa04949da268242b50a75f6e315f47754d48e7554efb8f920692d08d2ed1d402dd9ac5607a45aaf7fd89491a4a0d5be1c7d3ff7a3ed3cc933611a8ea2dc5

    • SSDEEP

      1536:qmmmCmhF9kTE86dok3mXU7oqeHrZ95MHDquWVvrzQ7ITkwMlJx23LV88ScJtXwBl:U0WVvrzQ7ITkwHRjhJtXw3H

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks