Overview

overview

10

Static

static

8

cf8ef27a47...b1.xls

windows7-x64

10

cf8ef27a47...b1.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf8ef27a47d0751b7d74606239868460580eb9f1b4aca176646e665cd97a2eb1

  • Size

    162KB

  • Sample

    221129-knk9taga9x

  • MD5

    2d5f2206be8584682eece9f0db900b12

  • SHA1

    159d5962ff92a38b71a060134c59329abdd348e1

  • SHA256

    cf8ef27a47d0751b7d74606239868460580eb9f1b4aca176646e665cd97a2eb1

  • SHA512

    21a1f3c2bd212e11327313389918227e92b7713c15d2a371b3523fd08398a7277a1819632fbe1d45714a97163d509bc4c4c3f9db2b2fe4c4845c444a3e6a4206

  • SSDEEP

    3072:ezq0rbx4/LiXkxGUBrpgD8IBPFm91aWVbrzb7ITk99joJtXw15k5/:EqV1ugIBe10

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      cf8ef27a47d0751b7d74606239868460580eb9f1b4aca176646e665cd97a2eb1

    • Size

      162KB

    • MD5

      2d5f2206be8584682eece9f0db900b12

    • SHA1

      159d5962ff92a38b71a060134c59329abdd348e1

    • SHA256

      cf8ef27a47d0751b7d74606239868460580eb9f1b4aca176646e665cd97a2eb1

    • SHA512

      21a1f3c2bd212e11327313389918227e92b7713c15d2a371b3523fd08398a7277a1819632fbe1d45714a97163d509bc4c4c3f9db2b2fe4c4845c444a3e6a4206

    • SSDEEP

      3072:ezq0rbx4/LiXkxGUBrpgD8IBPFm91aWVbrzb7ITk99joJtXw15k5/:EqV1ugIBe10

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks