Overview

overview

10

Static

static

8

29bdd4d419...07.xls

windows7-x64

10

29bdd4d419...07.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29bdd4d419993c95724ab63f121f66b0d08d534ae2374225bfb2d157df9ce307

  • Size

    107KB

  • Sample

    221129-s37qcsfc9z

  • MD5

    670a5393dd99b91a04d3ec73ebc6bd54

  • SHA1

    a03133a8cc882263b1988f71056036a14aa3cf3b

  • SHA256

    29bdd4d419993c95724ab63f121f66b0d08d534ae2374225bfb2d157df9ce307

  • SHA512

    5e9f114ab3a56fe067ba775668e18af25db354dff1966cc84168a97038992f7f03f2c1aa9512826c590c8c3d38fad79168a9ee595b2cf727e2d1ccf9ff85f173

  • SSDEEP

    1536:qJJJlh5I8UdsqfUWVbrzQ7ONfTkR62ls088ScJtXwRbM2M/MBVzJ:yWVbrzQ7ETk9rjhJtXwa5kDzJ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      29bdd4d419993c95724ab63f121f66b0d08d534ae2374225bfb2d157df9ce307

    • Size

      107KB

    • MD5

      670a5393dd99b91a04d3ec73ebc6bd54

    • SHA1

      a03133a8cc882263b1988f71056036a14aa3cf3b

    • SHA256

      29bdd4d419993c95724ab63f121f66b0d08d534ae2374225bfb2d157df9ce307

    • SHA512

      5e9f114ab3a56fe067ba775668e18af25db354dff1966cc84168a97038992f7f03f2c1aa9512826c590c8c3d38fad79168a9ee595b2cf727e2d1ccf9ff85f173

    • SSDEEP

      1536:qJJJlh5I8UdsqfUWVbrzQ7ONfTkR62ls088ScJtXwRbM2M/MBVzJ:yWVbrzQ7ETk9rjhJtXwa5kDzJ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks