Overview

overview

10

Static

static

8

32ce1f42c6...4d.xls

windows7-x64

10

32ce1f42c6...4d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32ce1f42c6dcad7e2e39d586a66f414b7220d4c474f36b31650aca126c1ca24d

  • Size

    378KB

  • Sample

    221128-c4117shc72

  • MD5

    158a8b706fdbf03357252ceb14409dfe

  • SHA1

    eaa83cef9aecdc4655554dfbe8d612699ed5460e

  • SHA256

    32ce1f42c6dcad7e2e39d586a66f414b7220d4c474f36b31650aca126c1ca24d

  • SHA512

    17e9faa69b68cdf3200fe4112b786cb80483f9602c8befb1edcc64b79a12e2a34268777b145f25de11ed54ca94a8f4f2ef1b63321410bd395919b05fe482f3d6

  • SSDEEP

    6144:rfA5AkWQEPzuyyguS00PK+ra7KcCQQ3XWs2:kgB/0A5v2s

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      32ce1f42c6dcad7e2e39d586a66f414b7220d4c474f36b31650aca126c1ca24d

    • Size

      378KB

    • MD5

      158a8b706fdbf03357252ceb14409dfe

    • SHA1

      eaa83cef9aecdc4655554dfbe8d612699ed5460e

    • SHA256

      32ce1f42c6dcad7e2e39d586a66f414b7220d4c474f36b31650aca126c1ca24d

    • SHA512

      17e9faa69b68cdf3200fe4112b786cb80483f9602c8befb1edcc64b79a12e2a34268777b145f25de11ed54ca94a8f4f2ef1b63321410bd395919b05fe482f3d6

    • SSDEEP

      6144:rfA5AkWQEPzuyyguS00PK+ra7KcCQQ3XWs2:kgB/0A5v2s

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks