Overview

overview

10

Static

static

8

a17e2eca6e...b3.xls

windows7-x64

10

a17e2eca6e...b3.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a17e2eca6ee9cbfe43ee2db8364fbe7af75ef319bc68487a7224da0aee2fc4b3

  • Size

    162KB

  • Sample

    221129-s36hasce82

  • MD5

    dd513ae86ad9a227969d006b6ecaac22

  • SHA1

    75880150c4ba2a9ab8eab6e733b5f22e1b8a2086

  • SHA256

    a17e2eca6ee9cbfe43ee2db8364fbe7af75ef319bc68487a7224da0aee2fc4b3

  • SHA512

    d0c60a15915b768416236a483874f343c49aeae5d3504aab32773391fb8957c1824993fe60f6e3b27e057361360f5f2ef893a118822c4016b9cf94883b9e79da

  • SSDEEP

    3072:BhFqVaxQTng60kUOVha20qWAbxxbG65QWmJCKWVbrzk7ITk9EU0J7Xw/5kBR:BhFqVaxQTng60kUOVha20qWAbxxbXmEN

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a17e2eca6ee9cbfe43ee2db8364fbe7af75ef319bc68487a7224da0aee2fc4b3

    • Size

      162KB

    • MD5

      dd513ae86ad9a227969d006b6ecaac22

    • SHA1

      75880150c4ba2a9ab8eab6e733b5f22e1b8a2086

    • SHA256

      a17e2eca6ee9cbfe43ee2db8364fbe7af75ef319bc68487a7224da0aee2fc4b3

    • SHA512

      d0c60a15915b768416236a483874f343c49aeae5d3504aab32773391fb8957c1824993fe60f6e3b27e057361360f5f2ef893a118822c4016b9cf94883b9e79da

    • SSDEEP

      3072:BhFqVaxQTng60kUOVha20qWAbxxbG65QWmJCKWVbrzk7ITk9EU0J7Xw/5kBR:BhFqVaxQTng60kUOVha20qWAbxxbXmEN

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks