Overview

overview

10

Static

static

8

ab03fab818...dc.xls

windows7-x64

10

ab03fab818...dc.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab03fab818487d0220861344e568427ecfd7d6ab80381d5faadf151d5b84badc

  • Size

    167KB

  • Sample

    221128-ntt1paba39

  • MD5

    e1a92b2601db1c4f18468cbc7ff7f4c8

  • SHA1

    f1bd79d3f39b2cbb76972bcd2e86f22351269a13

  • SHA256

    ab03fab818487d0220861344e568427ecfd7d6ab80381d5faadf151d5b84badc

  • SHA512

    8f6fe6cce8c1123c76c00eab3ef4572b6dac938881bf63b34458c2fe4ee7e91deade73d5e3d63373d7b61fc5e85dcc2c0fd69a94c208b86f641b7288fca14dd5

  • SSDEEP

    1536:Gwww80wmqYIACk6+I65lRpE44dh+6dMunId2sZ95ND80+zHMpcF3fzaJ7J3kM6fC:VmHMpXWVbrzQ7bRe+Tk95Ge5kuoV

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ab03fab818487d0220861344e568427ecfd7d6ab80381d5faadf151d5b84badc

    • Size

      167KB

    • MD5

      e1a92b2601db1c4f18468cbc7ff7f4c8

    • SHA1

      f1bd79d3f39b2cbb76972bcd2e86f22351269a13

    • SHA256

      ab03fab818487d0220861344e568427ecfd7d6ab80381d5faadf151d5b84badc

    • SHA512

      8f6fe6cce8c1123c76c00eab3ef4572b6dac938881bf63b34458c2fe4ee7e91deade73d5e3d63373d7b61fc5e85dcc2c0fd69a94c208b86f641b7288fca14dd5

    • SSDEEP

      1536:Gwww80wmqYIACk6+I65lRpE44dh+6dMunId2sZ95ND80+zHMpcF3fzaJ7J3kM6fC:VmHMpXWVbrzQ7bRe+Tk95Ge5kuoV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks