Overview

overview

10

Static

static

8

c705502b16...fb.xls

windows7-x64

10

c705502b16...fb.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c705502b165cce5aada163d5e4708f78c541d93681356eefc95aef7aa0e7befb

  • Size

    203KB

  • Sample

    221128-pyjaesde74

  • MD5

    7a5f02c67dec58466c91016d73002f95

  • SHA1

    2f3c81b68c89ddbae9ee90d07974b765901e02a4

  • SHA256

    c705502b165cce5aada163d5e4708f78c541d93681356eefc95aef7aa0e7befb

  • SHA512

    8e7b52e91cc9a6da9cfccde703a10baad181e2f50eac2a3ff928d79710894ae700c31598599c451610069fd3b6a1417192a44ad1beec5b8ea927482d4c19c408

  • SSDEEP

    6144:+5EFbPu1iIFb3SAYBO2ACy6VwDR+0OxwhydmTgEW:fmTn

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c705502b165cce5aada163d5e4708f78c541d93681356eefc95aef7aa0e7befb

    • Size

      203KB

    • MD5

      7a5f02c67dec58466c91016d73002f95

    • SHA1

      2f3c81b68c89ddbae9ee90d07974b765901e02a4

    • SHA256

      c705502b165cce5aada163d5e4708f78c541d93681356eefc95aef7aa0e7befb

    • SHA512

      8e7b52e91cc9a6da9cfccde703a10baad181e2f50eac2a3ff928d79710894ae700c31598599c451610069fd3b6a1417192a44ad1beec5b8ea927482d4c19c408

    • SSDEEP

      6144:+5EFbPu1iIFb3SAYBO2ACy6VwDR+0OxwhydmTgEW:fmTn

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks