Overview

overview

10

Static

static

8

b5e3ff987e...bd.xls

windows7-x64

10

b5e3ff987e...bd.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5e3ff987e4e0f4a906a3874ff12bb511748d3096200b4020745ca0d702d0abd

  • Size

    124KB

  • Sample

    221129-r95nxada5w

  • MD5

    67d7c3961093b5af53652a2af0cdbe01

  • SHA1

    87453833b4b04a97d049a864682f40596d477506

  • SHA256

    b5e3ff987e4e0f4a906a3874ff12bb511748d3096200b4020745ca0d702d0abd

  • SHA512

    ba9a09795bdc93703c889dcbbf60bf95dfd7dec71a6fa6bb419c38462840bbeb618f81bd8c247e08620a9303059e7ef5b0c9cd12c77beb0fe64abfe1251ce2a4

  • SSDEEP

    3072:QxPnwAX+8SFPWVbrzQ7ITk9yEdJtXwJ5kcvrR:Qh+Jd6T

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      b5e3ff987e4e0f4a906a3874ff12bb511748d3096200b4020745ca0d702d0abd

    • Size

      124KB

    • MD5

      67d7c3961093b5af53652a2af0cdbe01

    • SHA1

      87453833b4b04a97d049a864682f40596d477506

    • SHA256

      b5e3ff987e4e0f4a906a3874ff12bb511748d3096200b4020745ca0d702d0abd

    • SHA512

      ba9a09795bdc93703c889dcbbf60bf95dfd7dec71a6fa6bb419c38462840bbeb618f81bd8c247e08620a9303059e7ef5b0c9cd12c77beb0fe64abfe1251ce2a4

    • SSDEEP

      3072:QxPnwAX+8SFPWVbrzQ7ITk9yEdJtXwJ5kcvrR:Qh+Jd6T

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks