Overview

overview

10

Static

static

8

56ed7e443b...3d.xls

windows7-x64

10

56ed7e443b...3d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56ed7e443b5efa34ef0424924f03a8b7fd3709ea134205a418c86a2f9ac1883d

  • Size

    88KB

  • Sample

    221128-c4ywvahc67

  • MD5

    f0b3841f0f0cb30324a08ea9d6a502d3

  • SHA1

    36eb1756adc951c08d32b93a365e6f3c73c56662

  • SHA256

    56ed7e443b5efa34ef0424924f03a8b7fd3709ea134205a418c86a2f9ac1883d

  • SHA512

    9bea2c155624cddc689b94e49626394267bcf8e0a730d5566c20dbf06802a9809778ba87a062c2bc81bb6b8ea79dd4f30ad21ee3d6345d2bb844a00e8b0cd9b6

  • SSDEEP

    1536:5SSSS6arpLAWkbrzQ7ITkIa94x27mO/WaF11dGl+:otWkbrzQ7ITk/9fqqa+

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      56ed7e443b5efa34ef0424924f03a8b7fd3709ea134205a418c86a2f9ac1883d

    • Size

      88KB

    • MD5

      f0b3841f0f0cb30324a08ea9d6a502d3

    • SHA1

      36eb1756adc951c08d32b93a365e6f3c73c56662

    • SHA256

      56ed7e443b5efa34ef0424924f03a8b7fd3709ea134205a418c86a2f9ac1883d

    • SHA512

      9bea2c155624cddc689b94e49626394267bcf8e0a730d5566c20dbf06802a9809778ba87a062c2bc81bb6b8ea79dd4f30ad21ee3d6345d2bb844a00e8b0cd9b6

    • SSDEEP

      1536:5SSSS6arpLAWkbrzQ7ITkIa94x27mO/WaF11dGl+:otWkbrzQ7ITk/9fqqa+

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks