Overview

overview

10

Static

static

8

2e1098d68e...6c.xls

windows7-x64

10

2e1098d68e...6c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e1098d68eef630c634e79978eee121ba68dcaa93099b1a994995c8dfe8b066c

  • Size

    92KB

  • Sample

    221128-nqpa2aag49

  • MD5

    1726b8c54a5679fc6278f68851aefc97

  • SHA1

    7389a462c9e582aed8d458cafc16c9604c694eae

  • SHA256

    2e1098d68eef630c634e79978eee121ba68dcaa93099b1a994995c8dfe8b066c

  • SHA512

    22c71f5afae5a6c7fc4a328d89f8e747c55a45e85cd04d3839c6dbc04bb281c677386c39f4b68c4b3d3e4ec4397b4295b9c733b3bf05b15a734fae62a26138b1

  • SSDEEP

    1536:8nlnlnlnlnfnQnOyK7Dns4nLvQEnlnjnrnqBnkcntnur+Z95gtVVkXpFl2jcc0lV:QNVSl2jcc0lbxOrujDJtXwXc

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      2e1098d68eef630c634e79978eee121ba68dcaa93099b1a994995c8dfe8b066c

    • Size

      92KB

    • MD5

      1726b8c54a5679fc6278f68851aefc97

    • SHA1

      7389a462c9e582aed8d458cafc16c9604c694eae

    • SHA256

      2e1098d68eef630c634e79978eee121ba68dcaa93099b1a994995c8dfe8b066c

    • SHA512

      22c71f5afae5a6c7fc4a328d89f8e747c55a45e85cd04d3839c6dbc04bb281c677386c39f4b68c4b3d3e4ec4397b4295b9c733b3bf05b15a734fae62a26138b1

    • SSDEEP

      1536:8nlnlnlnlnfnQnOyK7Dns4nLvQEnlnjnrnqBnkcntnur+Z95gtVVkXpFl2jcc0lV:QNVSl2jcc0lbxOrujDJtXwXc

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks