Overview

overview

10

Static

static

8

0dc23c2f8a...d8.xls

windows7-x64

10

0dc23c2f8a...d8.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0dc23c2f8a57268da4e0839394003dffe703e889b4013be45f401621789a75d8

  • Size

    208KB

  • Sample

    221129-knq53adb77

  • MD5

    ff67f986418caf6c865cf41899dbf590

  • SHA1

    e14d21cc8aea805515dacedeba58ce9fa1303889

  • SHA256

    0dc23c2f8a57268da4e0839394003dffe703e889b4013be45f401621789a75d8

  • SHA512

    0d208f4460988054c90804ae2b8cbb7e6569c5c457432ba360eddab262a0a22c400d7fd134fba0c03ef9fb077dee030989a15f64f137f094b5cc75c706b64dc5

  • SSDEEP

    3072:KsBOlWzB93OrUAiLPrcsUBbXOwICJHE0Bc+lPOvy3Ga2jcc0lbxOK92AJtXwZz:ZBvzB93OxOwICZEQPOvec2

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      0dc23c2f8a57268da4e0839394003dffe703e889b4013be45f401621789a75d8

    • Size

      208KB

    • MD5

      ff67f986418caf6c865cf41899dbf590

    • SHA1

      e14d21cc8aea805515dacedeba58ce9fa1303889

    • SHA256

      0dc23c2f8a57268da4e0839394003dffe703e889b4013be45f401621789a75d8

    • SHA512

      0d208f4460988054c90804ae2b8cbb7e6569c5c457432ba360eddab262a0a22c400d7fd134fba0c03ef9fb077dee030989a15f64f137f094b5cc75c706b64dc5

    • SSDEEP

      3072:KsBOlWzB93OrUAiLPrcsUBbXOwICJHE0Bc+lPOvy3Ga2jcc0lbxOK92AJtXwZz:ZBvzB93OxOwICZEQPOvec2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks