Overview

overview

10

Static

static

8

fee56268d3...44.xls

windows7-x64

10

fee56268d3...44.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fee56268d3560caa41a6955ddc97b29578794be22e334013299f6aee4bf6dd44

  • Size

    142KB

  • Sample

    221128-qldd3sfb67

  • MD5

    a02df9c9b2c39cbc116b75f4298360d1

  • SHA1

    d1a23543c9e2d6c7bcc78dd059e8ec2209a139ed

  • SHA256

    fee56268d3560caa41a6955ddc97b29578794be22e334013299f6aee4bf6dd44

  • SHA512

    875990d0d45623c1e7b46b23848fd0ac2ff12a6d03c7a488d3717fcd40198cca59cbf295203230794232217c16df463b4d1556f3fd5af94e09ce08c47a13601e

  • SSDEEP

    3072:Rbl6Nc7yRzs1H75wkZUgsQ6NqTBun5ooKaL3i2jcc0lbxOrU5vnD:Vl6Nc7yRzs1H75wkZUgsQ6NqTBun5o14

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      fee56268d3560caa41a6955ddc97b29578794be22e334013299f6aee4bf6dd44

    • Size

      142KB

    • MD5

      a02df9c9b2c39cbc116b75f4298360d1

    • SHA1

      d1a23543c9e2d6c7bcc78dd059e8ec2209a139ed

    • SHA256

      fee56268d3560caa41a6955ddc97b29578794be22e334013299f6aee4bf6dd44

    • SHA512

      875990d0d45623c1e7b46b23848fd0ac2ff12a6d03c7a488d3717fcd40198cca59cbf295203230794232217c16df463b4d1556f3fd5af94e09ce08c47a13601e

    • SSDEEP

      3072:Rbl6Nc7yRzs1H75wkZUgsQ6NqTBun5ooKaL3i2jcc0lbxOrU5vnD:Vl6Nc7yRzs1H75wkZUgsQ6NqTBun5o14

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks