Overview

overview

10

Static

static

8

57f26eedbc...c5.xls

windows7-x64

10

57f26eedbc...c5.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    57f26eedbcab9dfb3e6c77a55a5b5d2775294a646c7d84f28bff3a544fe77bc5

  • Size

    120KB

  • Sample

    221128-c4yk3shc66

  • MD5

    386e3f9282db8a3e18abb4a15faf0a62

  • SHA1

    f8c1cd7333ec6434b5a814fe5160a650c9ea567c

  • SHA256

    57f26eedbcab9dfb3e6c77a55a5b5d2775294a646c7d84f28bff3a544fe77bc5

  • SHA512

    ba82811ae7267dbcac1a46e642f513a2c94f0fed9fa4f19a978e026a0fd1f3b9c7beda795a30539f268c0e09f507793783f409f48fe15a3dee28d3200220c3d9

  • SSDEEP

    3072:O5hopbWi+WVbrz07ITkDsjhJtXwe5kiVj:dWqJ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      57f26eedbcab9dfb3e6c77a55a5b5d2775294a646c7d84f28bff3a544fe77bc5

    • Size

      120KB

    • MD5

      386e3f9282db8a3e18abb4a15faf0a62

    • SHA1

      f8c1cd7333ec6434b5a814fe5160a650c9ea567c

    • SHA256

      57f26eedbcab9dfb3e6c77a55a5b5d2775294a646c7d84f28bff3a544fe77bc5

    • SHA512

      ba82811ae7267dbcac1a46e642f513a2c94f0fed9fa4f19a978e026a0fd1f3b9c7beda795a30539f268c0e09f507793783f409f48fe15a3dee28d3200220c3d9

    • SSDEEP

      3072:O5hopbWi+WVbrz07ITkDsjhJtXwe5kiVj:dWqJ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks