Overview

overview

10

Static

static

8

5edf939f60...9e.xls

windows7-x64

10

5edf939f60...9e.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5edf939f6022c5e2d2adeec2055edeb2d62540cc6209933e50b342ee169c899e

  • Size

    223KB

  • Sample

    221129-r2ahsscc4t

  • MD5

    77388fb09dc62a47f7d7f56305d77d69

  • SHA1

    3e3d0ee79a61a1175518649a0276dd9105a0b665

  • SHA256

    5edf939f6022c5e2d2adeec2055edeb2d62540cc6209933e50b342ee169c899e

  • SHA512

    4fce0dcb827627082d7b10060b52fa55fd564e054787f2b723554c375e36fbcec45a60a3af1ed9a9dc0ccaf80047028a2dfdc5750062302dab71e76a0cec9120

  • SSDEEP

    3072:XUY6XvGI3a4+f5Pcj4YwBIyKtZEiQATiFiK/kAE/SiuDwZsn69QLeh0vlXayUd7w:XUxqFKzedXQ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      5edf939f6022c5e2d2adeec2055edeb2d62540cc6209933e50b342ee169c899e

    • Size

      223KB

    • MD5

      77388fb09dc62a47f7d7f56305d77d69

    • SHA1

      3e3d0ee79a61a1175518649a0276dd9105a0b665

    • SHA256

      5edf939f6022c5e2d2adeec2055edeb2d62540cc6209933e50b342ee169c899e

    • SHA512

      4fce0dcb827627082d7b10060b52fa55fd564e054787f2b723554c375e36fbcec45a60a3af1ed9a9dc0ccaf80047028a2dfdc5750062302dab71e76a0cec9120

    • SSDEEP

      3072:XUY6XvGI3a4+f5Pcj4YwBIyKtZEiQATiFiK/kAE/SiuDwZsn69QLeh0vlXayUd7w:XUxqFKzedXQ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks