Overview

overview

10

Static

static

8

0820a92cf0...18.xls

windows7-x64

10

0820a92cf0...18.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0820a92cf03e8b51b7e802c47e66d58b44d6e3b4f3d2536ec380c7e2f7942c18

  • Size

    149KB

  • Sample

    221128-mjdqaabh7w

  • MD5

    aab02933badbcc18e2437eb15d335b0a

  • SHA1

    3ee06bb4f37ac9c8c4da7e79cb9aa6bcf056e339

  • SHA256

    0820a92cf03e8b51b7e802c47e66d58b44d6e3b4f3d2536ec380c7e2f7942c18

  • SHA512

    a53510f14cc033b57873f04a5e403c4529648e0800e142323d8885d63b2fc072e850d84086f3475a2ab96e97312588cd01d7114ed063a48f06ebb56c001a3ee3

  • SSDEEP

    1536:Cvvvb+3TznlEGlGa4M1qaRWizJaF6l2Mrbz4jpLVD2DSCEZjdDEb9iobLP:J4M1qaRWG2Mrbz4jpLICR09iobLP

Score
10/10
macromacro_on_actionxlm

Malware Config

Targets

    • Target

      0820a92cf03e8b51b7e802c47e66d58b44d6e3b4f3d2536ec380c7e2f7942c18

    • Size

      149KB

    • MD5

      aab02933badbcc18e2437eb15d335b0a

    • SHA1

      3ee06bb4f37ac9c8c4da7e79cb9aa6bcf056e339

    • SHA256

      0820a92cf03e8b51b7e802c47e66d58b44d6e3b4f3d2536ec380c7e2f7942c18

    • SHA512

      a53510f14cc033b57873f04a5e403c4529648e0800e142323d8885d63b2fc072e850d84086f3475a2ab96e97312588cd01d7114ed063a48f06ebb56c001a3ee3

    • SSDEEP

      1536:Cvvvb+3TznlEGlGa4M1qaRWizJaF6l2Mrbz4jpLVD2DSCEZjdDEb9iobLP:J4M1qaRWG2Mrbz4jpLICR09iobLP

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks