Overview

overview

10

Static

static

8

2a12dafeac...bd.xls

windows7-x64

10

2a12dafeac...bd.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a12dafeac627315df7af0963bc91472a0559e48a0b076eb6b6fc8b2516c6fbd

  • Size

    381KB

  • Sample

    221129-s34npsce77

  • MD5

    72f43680dad39c93a286c6242fb7777c

  • SHA1

    e8b25a926181ecd1b25a8455e385299bd010ac4b

  • SHA256

    2a12dafeac627315df7af0963bc91472a0559e48a0b076eb6b6fc8b2516c6fbd

  • SHA512

    1b2db1fd1aa60829d36142855beb10c18aeb10bb388ca03293abeac1be5dd94bc177ffd225cce0f47198b0f3b4c26533a1725a0d58c31c1a6deae86e69c15c73

  • SSDEEP

    3072:hW0t/romy0GlDmCe5n+wykjOYUg95JNMHbvVnzbLsUTHV8xq2aZn4tcFK8paEWVX:nncYx5JNMHbvVnzEBxx2+8wDh

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      2a12dafeac627315df7af0963bc91472a0559e48a0b076eb6b6fc8b2516c6fbd

    • Size

      381KB

    • MD5

      72f43680dad39c93a286c6242fb7777c

    • SHA1

      e8b25a926181ecd1b25a8455e385299bd010ac4b

    • SHA256

      2a12dafeac627315df7af0963bc91472a0559e48a0b076eb6b6fc8b2516c6fbd

    • SHA512

      1b2db1fd1aa60829d36142855beb10c18aeb10bb388ca03293abeac1be5dd94bc177ffd225cce0f47198b0f3b4c26533a1725a0d58c31c1a6deae86e69c15c73

    • SSDEEP

      3072:hW0t/romy0GlDmCe5n+wykjOYUg95JNMHbvVnzbLsUTHV8xq2aZn4tcFK8paEWVX:nncYx5JNMHbvVnzEBxx2+8wDh

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks