Overview

overview

10

Static

static

8

9bd4a61f84...31.xls

windows7-x64

10

9bd4a61f84...31.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9bd4a61f84988a0588868e71c1c8ae32be7ec2922b700b85d1afbead957c4631

  • Size

    100KB

  • Sample

    221128-mzyemadb41

  • MD5

    97bdee44ba0a2e03552bb1b2bd729f80

  • SHA1

    156796ee51c098e896af360cbb557fd3fe33b1c2

  • SHA256

    9bd4a61f84988a0588868e71c1c8ae32be7ec2922b700b85d1afbead957c4631

  • SHA512

    caf2785e5e1b472bcf9e2c0e084b7b0cdbb75b11d3907a2369047ae744f067076bc84edb4b4be1379dc596e18caf1b0d31352d71cd1ea1e8ce5a409f2eeb5daa

  • SSDEEP

    3072:pe1gxv7yZmspH7+cclKisQ6NqTBun5oIFIhzvY/2jcc0lbxOKrmaxU4/:g1gxv7yZmspH7+cclKisQ6NqTBun5oIH

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      9bd4a61f84988a0588868e71c1c8ae32be7ec2922b700b85d1afbead957c4631

    • Size

      100KB

    • MD5

      97bdee44ba0a2e03552bb1b2bd729f80

    • SHA1

      156796ee51c098e896af360cbb557fd3fe33b1c2

    • SHA256

      9bd4a61f84988a0588868e71c1c8ae32be7ec2922b700b85d1afbead957c4631

    • SHA512

      caf2785e5e1b472bcf9e2c0e084b7b0cdbb75b11d3907a2369047ae744f067076bc84edb4b4be1379dc596e18caf1b0d31352d71cd1ea1e8ce5a409f2eeb5daa

    • SSDEEP

      3072:pe1gxv7yZmspH7+cclKisQ6NqTBun5oIFIhzvY/2jcc0lbxOKrmaxU4/:g1gxv7yZmspH7+cclKisQ6NqTBun5oIH

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks