Overview

overview

10

Static

static

8

36dd24c003...64.xls

windows7-x64

10

36dd24c003...64.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36dd24c003e536e376f01c647f17f18da1076da78e481802292daaca04f0a764

  • Size

    171KB

  • Sample

    221128-nqpxkaag52

  • MD5

    fd6bd272fe5ae5c7b21c5bb0caa56323

  • SHA1

    3782741f409c390b420c6fe6b87a1ccb06a61b79

  • SHA256

    36dd24c003e536e376f01c647f17f18da1076da78e481802292daaca04f0a764

  • SHA512

    ef9f3fcab05a3ea6acf716fefa334b83705e48b6609848ea22cc78b895cc373dbc090bc4d4d9ba59dadf99ff02b15a56528ae3f40e389b67fb8def6d80ef0b7e

  • SSDEEP

    3072:FS6iEkR8IesKeacBFb9g5iM92y7Ls2MNbzFgZJxgYzQ5BH6yk6YvIu4WVbrMDQ7c:DJetBJK8Ok3

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      36dd24c003e536e376f01c647f17f18da1076da78e481802292daaca04f0a764

    • Size

      171KB

    • MD5

      fd6bd272fe5ae5c7b21c5bb0caa56323

    • SHA1

      3782741f409c390b420c6fe6b87a1ccb06a61b79

    • SHA256

      36dd24c003e536e376f01c647f17f18da1076da78e481802292daaca04f0a764

    • SHA512

      ef9f3fcab05a3ea6acf716fefa334b83705e48b6609848ea22cc78b895cc373dbc090bc4d4d9ba59dadf99ff02b15a56528ae3f40e389b67fb8def6d80ef0b7e

    • SSDEEP

      3072:FS6iEkR8IesKeacBFb9g5iM92y7Ls2MNbzFgZJxgYzQ5BH6yk6YvIu4WVbrMDQ7c:DJetBJK8Ok3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks