Overview

overview

10

Static

static

8

b12d4d1e50...23.xls

windows7-x64

10

b12d4d1e50...23.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b12d4d1e500ad000ea311807c1b26b21124023c5b11be0da100cf8134aa8d723

  • Size

    94KB

  • Sample

    221129-r2cyxscc4z

  • MD5

    468324f84129ff506b255abd46dcbaf5

  • SHA1

    2574d02d210b81cc11cf6d31818fbc93fa41e30d

  • SHA256

    b12d4d1e500ad000ea311807c1b26b21124023c5b11be0da100cf8134aa8d723

  • SHA512

    f93925f664c75a2c57febac9546b150e3f4f4d5bf18dcad0f3cb2c38cb2b83196509791a44a3fff14b46889fe306578d534c64dc75d91aaa06b213d914ea6f6c

  • SSDEEP

    1536:1EEEoM2v32gv8EhWVbrzQ7ITkfslwA23cM88SAJtXwn4v60:5DWVbrzQ7ITk7tjFJtXwy60

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      b12d4d1e500ad000ea311807c1b26b21124023c5b11be0da100cf8134aa8d723

    • Size

      94KB

    • MD5

      468324f84129ff506b255abd46dcbaf5

    • SHA1

      2574d02d210b81cc11cf6d31818fbc93fa41e30d

    • SHA256

      b12d4d1e500ad000ea311807c1b26b21124023c5b11be0da100cf8134aa8d723

    • SHA512

      f93925f664c75a2c57febac9546b150e3f4f4d5bf18dcad0f3cb2c38cb2b83196509791a44a3fff14b46889fe306578d534c64dc75d91aaa06b213d914ea6f6c

    • SSDEEP

      1536:1EEEoM2v32gv8EhWVbrzQ7ITkfslwA23cM88SAJtXwn4v60:5DWVbrzQ7ITk7tjFJtXwy60

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks