Overview

overview

10

Static

static

8

d41e01a91d...91.xls

windows7-x64

10

d41e01a91d...91.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d41e01a91dfd059f76055ca8aca0f3ed4770c43756c70cdf0e755314124c1291

  • Size

    89KB

  • Sample

    221128-l25q2saf2s

  • MD5

    35c369528efbfc61c8ab3d5a47f278b5

  • SHA1

    21ddfb7b357d4e72d861d3a1eb85ee1a043ba275

  • SHA256

    d41e01a91dfd059f76055ca8aca0f3ed4770c43756c70cdf0e755314124c1291

  • SHA512

    7d530d935c6407d0cc32bd1f339323b325b74168f5faebe23726bf7313a3e0267410aac9a666e47ea2a3b38556579cb21d663454c6a621d76c1467c9411e46ad

  • SSDEEP

    1536:M222j2dJxMty68D2SgYhC4T1gxv7yZmspHlYGGfciEZClsCs9q4oOKzwAN1Uys3H:S1gxv7yZmspHlYGGfcisCs9q4oOKzwAH

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      d41e01a91dfd059f76055ca8aca0f3ed4770c43756c70cdf0e755314124c1291

    • Size

      89KB

    • MD5

      35c369528efbfc61c8ab3d5a47f278b5

    • SHA1

      21ddfb7b357d4e72d861d3a1eb85ee1a043ba275

    • SHA256

      d41e01a91dfd059f76055ca8aca0f3ed4770c43756c70cdf0e755314124c1291

    • SHA512

      7d530d935c6407d0cc32bd1f339323b325b74168f5faebe23726bf7313a3e0267410aac9a666e47ea2a3b38556579cb21d663454c6a621d76c1467c9411e46ad

    • SSDEEP

      1536:M222j2dJxMty68D2SgYhC4T1gxv7yZmspHlYGGfciEZClsCs9q4oOKzwAN1Uys3H:S1gxv7yZmspHlYGGfcisCs9q4oOKzwAH

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks