Overview

overview

10

Static

static

8

f302e59d6e...28.xls

windows7-x64

10

f302e59d6e...28.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f302e59d6e06eaf7dcbd1e120bd7d2de8a57f2a00592760ec864b85636d00128

  • Size

    105KB

  • Sample

    221128-nqr2xsfa4v

  • MD5

    57f7a687da7b2855e6523788bf47fb84

  • SHA1

    25a819ff7361ea5b4ea8352ab96f372e9f638b1a

  • SHA256

    f302e59d6e06eaf7dcbd1e120bd7d2de8a57f2a00592760ec864b85636d00128

  • SHA512

    920c32d23a0a17e544c52c1e7c787c132d5fd20b9f653744db4ef94275c8cc8b0e8596c75395be13233e3711ee726ba409c0ca8c1dc9a606990b846d3206f69c

  • SSDEEP

    1536:tqqqeC6/X3inHZ2LWVbrzjeMN7ITkR62lVM88SoJtXwhcM2M/MfARbDhT1l:IH+WVbrzZN7ITk9MjdJtXwR5koD9

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      f302e59d6e06eaf7dcbd1e120bd7d2de8a57f2a00592760ec864b85636d00128

    • Size

      105KB

    • MD5

      57f7a687da7b2855e6523788bf47fb84

    • SHA1

      25a819ff7361ea5b4ea8352ab96f372e9f638b1a

    • SHA256

      f302e59d6e06eaf7dcbd1e120bd7d2de8a57f2a00592760ec864b85636d00128

    • SHA512

      920c32d23a0a17e544c52c1e7c787c132d5fd20b9f653744db4ef94275c8cc8b0e8596c75395be13233e3711ee726ba409c0ca8c1dc9a606990b846d3206f69c

    • SSDEEP

      1536:tqqqeC6/X3inHZ2LWVbrzjeMN7ITkR62lVM88SoJtXwhcM2M/MfARbDhT1l:IH+WVbrzZN7ITk9MjdJtXwR5koD9

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks