Overview

overview

10

Static

static

8

7eb33aef2c...75.xls

windows7-x64

10

7eb33aef2c...75.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7eb33aef2c2db992c4ddcd8e3ce531da3c6216b22a7800ff302ff72aaf538b75

  • Size

    234KB

  • Sample

    221128-pyhnwshg2v

  • MD5

    aacff3fefa41ad1200de0c7f9d737459

  • SHA1

    1aa4f8b67ef4d4b6e88912f99b55598b732f7354

  • SHA256

    7eb33aef2c2db992c4ddcd8e3ce531da3c6216b22a7800ff302ff72aaf538b75

  • SHA512

    c712a98169cb678d7fcadd9ef83bc67d82ddfdaba31fe48705a273e9442957490434d32d10a03d94505b686aa5dc57250d88633ced63a404b9f7693ac428cf47

  • SSDEEP

    6144:m5EFbPu1iIFb3SAYBO2ACy6VB6SHFOovWy4pdqb/t9G:epdqb/L

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      7eb33aef2c2db992c4ddcd8e3ce531da3c6216b22a7800ff302ff72aaf538b75

    • Size

      234KB

    • MD5

      aacff3fefa41ad1200de0c7f9d737459

    • SHA1

      1aa4f8b67ef4d4b6e88912f99b55598b732f7354

    • SHA256

      7eb33aef2c2db992c4ddcd8e3ce531da3c6216b22a7800ff302ff72aaf538b75

    • SHA512

      c712a98169cb678d7fcadd9ef83bc67d82ddfdaba31fe48705a273e9442957490434d32d10a03d94505b686aa5dc57250d88633ced63a404b9f7693ac428cf47

    • SSDEEP

      6144:m5EFbPu1iIFb3SAYBO2ACy6VB6SHFOovWy4pdqb/t9G:epdqb/L

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks