d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c | Triage

Submit
Reports

Overview

overview

Static

static

8

d49bac6027...1c.xls

windows7-x64

d49bac6027...1c.xls

windows10-2004-x64

1

Sharing

General

Target

d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c
Size

284KB
Sample

221128-nddc1ahh48
MD5

f0148b0514c2131c0826903daec6c830
SHA1

787233eb1900b9cb7d761bd219557f6aa4511913
SHA256

d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c
SHA512

3763b093476815edd1b1fe87c55ba7d96b6905d3177eb73bb42880ecb4ed407b3ab2440cb0315f63328b769325d74bbb05f1fef8e7d2d454e4c71351c33200f5
SSDEEP

6144:1s5XQ3P8/uqrzD4WI6NIcNj+VwJAZQvcjkBC4v7+WZ9ebBD:l3P8//D361yJW90C2Kl

Score

10^/10

evasion macro macro_on_action persistence xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c.xls

Resource

win7-20220812-en

evasion macro macro_on_action persistence xlm

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c.xls

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c
- Size
  
  284KB
- MD5
  
  f0148b0514c2131c0826903daec6c830
- SHA1
  
  787233eb1900b9cb7d761bd219557f6aa4511913
- SHA256
  
  d49bac60275f4e2ddffd354586089539519cf3821f93479b19b5ddf12599721c
- SHA512
  
  3763b093476815edd1b1fe87c55ba7d96b6905d3177eb73bb42880ecb4ed407b3ab2440cb0315f63328b769325d74bbb05f1fef8e7d2d454e4c71351c33200f5
- SSDEEP
  
  6144:1s5XQ3P8/uqrzD4WI6NIcNj+VwJAZQvcjkBC4v7+WZ9ebBD:l3P8//D361yJW90C2Kl
Score

10^/10

evasion macro macro_on_action persistence xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionmacromacro_on_actionpersistencexlm

behavioral2

© 2018-2024

Terms | Privacy