Overview

overview

10

Static

static

8

af79db274d...de.xls

windows7-x64

10

af79db274d...de.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af79db274dfa6b863c9dfb2d798b71547086db2a8e3d014801212566ad6261de

  • Size

    98KB

  • Sample

    221129-r2e4aahe65

  • MD5

    d46ad631dde78a1a5b6df7683b35e868

  • SHA1

    9c6e1628913a916264ab716684c73e096c325b3c

  • SHA256

    af79db274dfa6b863c9dfb2d798b71547086db2a8e3d014801212566ad6261de

  • SHA512

    1839c7d2bc60ed00f084a529676e222b022c98795e1c5975889f670af01f7fb051011a3e9f56853b927779287f3df7c8b63bc8a4e48a7a549c02d481a63031ff

  • SSDEEP

    1536:qgAF2CAeRl86DWVbsSzxnIzQ7ITkR62l+IhY7nJdJoOd7XJtXwRtM2M/M4lk:pCAeRlVWVbTIzQ7ITk9x2bJtXwE5kgk

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      af79db274dfa6b863c9dfb2d798b71547086db2a8e3d014801212566ad6261de

    • Size

      98KB

    • MD5

      d46ad631dde78a1a5b6df7683b35e868

    • SHA1

      9c6e1628913a916264ab716684c73e096c325b3c

    • SHA256

      af79db274dfa6b863c9dfb2d798b71547086db2a8e3d014801212566ad6261de

    • SHA512

      1839c7d2bc60ed00f084a529676e222b022c98795e1c5975889f670af01f7fb051011a3e9f56853b927779287f3df7c8b63bc8a4e48a7a549c02d481a63031ff

    • SSDEEP

      1536:qgAF2CAeRl86DWVbsSzxnIzQ7ITkR62l+IhY7nJdJoOd7XJtXwRtM2M/M4lk:pCAeRlVWVbTIzQ7ITk9x2bJtXwE5kgk

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks