Overview

overview

10

Static

static

8

e11c6dadca...1d.xls

windows7-x64

10

e11c6dadca...1d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e11c6dadca8996260536a8ab733ec68f1381a2292c66998e8a0a290d6456a21d

  • Size

    110KB

  • Sample

    221129-knknaadb64

  • MD5

    7f150bfdfe30149e172fa35ddb18abf6

  • SHA1

    27874b05c3c53830a9d994ce2d63a0f032fe89db

  • SHA256

    e11c6dadca8996260536a8ab733ec68f1381a2292c66998e8a0a290d6456a21d

  • SHA512

    a7c3eb610d6b30ff674589e35e9b47b74d0653180cff0684c6a7ba26f273b304f985a5260f08ce89ddada891f3a9c36bb4b3fad44a0be60e576e56a6fc46d9f6

  • SSDEEP

    3072:pQMfl+dr7vnFri2jcc0lbxOKcEdJtXwCL2C:pSvn9OHaC

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      e11c6dadca8996260536a8ab733ec68f1381a2292c66998e8a0a290d6456a21d

    • Size

      110KB

    • MD5

      7f150bfdfe30149e172fa35ddb18abf6

    • SHA1

      27874b05c3c53830a9d994ce2d63a0f032fe89db

    • SHA256

      e11c6dadca8996260536a8ab733ec68f1381a2292c66998e8a0a290d6456a21d

    • SHA512

      a7c3eb610d6b30ff674589e35e9b47b74d0653180cff0684c6a7ba26f273b304f985a5260f08ce89ddada891f3a9c36bb4b3fad44a0be60e576e56a6fc46d9f6

    • SSDEEP

      3072:pQMfl+dr7vnFri2jcc0lbxOKcEdJtXwCL2C:pSvn9OHaC

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks