Overview

overview

10

Static

static

8

c389d32196...fd.xls

windows7-x64

10

c389d32196...fd.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c389d32196e33f34eab1aba7e05e11139fead50570a029a127ffba1c54e087fd

  • Size

    86KB

  • Sample

    221129-r19lhahe53

  • MD5

    41d15b17b8c92a18e1a20e1b902de411

  • SHA1

    616896df7fbb8a5c0a023cece9e9796d9cc4c699

  • SHA256

    c389d32196e33f34eab1aba7e05e11139fead50570a029a127ffba1c54e087fd

  • SHA512

    cd115b3ead93895dca52d7effc3b321bdd32dcb6939836ea2d8fa483fbc72224b5441148bc5383c0cb714304dabb10f71229dc04fb4a0eda0b12acea3512556c

  • SSDEEP

    1536:DeeeeqLzeSq2lXbjSytC2BhYS6DQal6Nc7yRzs1H75wkZUiEfClsPI4ukoRWGNfN:Wal6Nc7yRzs1H75wkZUgsPI4ukoRWGNj

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c389d32196e33f34eab1aba7e05e11139fead50570a029a127ffba1c54e087fd

    • Size

      86KB

    • MD5

      41d15b17b8c92a18e1a20e1b902de411

    • SHA1

      616896df7fbb8a5c0a023cece9e9796d9cc4c699

    • SHA256

      c389d32196e33f34eab1aba7e05e11139fead50570a029a127ffba1c54e087fd

    • SHA512

      cd115b3ead93895dca52d7effc3b321bdd32dcb6939836ea2d8fa483fbc72224b5441148bc5383c0cb714304dabb10f71229dc04fb4a0eda0b12acea3512556c

    • SSDEEP

      1536:DeeeeqLzeSq2lXbjSytC2BhYS6DQal6Nc7yRzs1H75wkZUiEfClsPI4ukoRWGNfN:Wal6Nc7yRzs1H75wkZUgsPI4ukoRWGNj

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks