Overview

overview

10

Static

static

8

a9df59ece2...18.xls

windows7-x64

10

a9df59ece2...18.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9df59ece2c155b659d0bf0e12fc6a76eaecb6e323dca94684192d7c2de82418

  • Size

    99KB

  • Sample

    221129-r943dada5v

  • MD5

    b083d61cd40856951cbc832210e9925c

  • SHA1

    a39e442b8b75da88703f916eab5c1c3b9267e3a6

  • SHA256

    a9df59ece2c155b659d0bf0e12fc6a76eaecb6e323dca94684192d7c2de82418

  • SHA512

    a0b947ce5e091b2e5d34d699d40a46cbaa04e0dd8b326c4275e5c9a8875b989d9f46ae6c1a8608e0428932aa578d62f43271cf95ec941e19d95cad0825e79675

  • SSDEEP

    1536:Xxxx9xvsDySU1QHWVbrz7On7ITkiD2KcCORNWEIunyJM2M/MVXbZA:cTWVbrz7m7ITkDXD9nv5kNbZA

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a9df59ece2c155b659d0bf0e12fc6a76eaecb6e323dca94684192d7c2de82418

    • Size

      99KB

    • MD5

      b083d61cd40856951cbc832210e9925c

    • SHA1

      a39e442b8b75da88703f916eab5c1c3b9267e3a6

    • SHA256

      a9df59ece2c155b659d0bf0e12fc6a76eaecb6e323dca94684192d7c2de82418

    • SHA512

      a0b947ce5e091b2e5d34d699d40a46cbaa04e0dd8b326c4275e5c9a8875b989d9f46ae6c1a8608e0428932aa578d62f43271cf95ec941e19d95cad0825e79675

    • SSDEEP

      1536:Xxxx9xvsDySU1QHWVbrz7On7ITkiD2KcCORNWEIunyJM2M/MVXbZA:cTWVbrz7m7ITkDXD9nv5kNbZA

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks