Overview

overview

10

Static

static

8

748a1238bb...99.xls

windows7-x64

10

748a1238bb...99.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    748a1238bb08fa09e20b0b4e7047b1910aaa7a691085a3df3301cb92b4836199

  • Size

    108KB

  • Sample

    221130-br3htseg98

  • MD5

    eeed12dc63ada2acb35b0c04b8c5a293

  • SHA1

    7477fec5fe0601c30fcdc99c2818f6301f2a6f30

  • SHA256

    748a1238bb08fa09e20b0b4e7047b1910aaa7a691085a3df3301cb92b4836199

  • SHA512

    ace3a8d615c3e9f2b1ed635fa33edaf924fdfe8b243f403b3faa7c0a47cd2b7d2a2879ce5cc69ff85e387d1f304dc3855f59e58c8b360f8dec68d1cea379a0fa

  • SSDEEP

    1536:1dddTwSuGX3oHTEkdXPmJA5xRZ1zlY2WZ95tavWGysZcglnUWVbrzQ7IC8cpDuk9:K8GyScRWVbrzQ7ITcDukZljhJtXwS1

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      748a1238bb08fa09e20b0b4e7047b1910aaa7a691085a3df3301cb92b4836199

    • Size

      108KB

    • MD5

      eeed12dc63ada2acb35b0c04b8c5a293

    • SHA1

      7477fec5fe0601c30fcdc99c2818f6301f2a6f30

    • SHA256

      748a1238bb08fa09e20b0b4e7047b1910aaa7a691085a3df3301cb92b4836199

    • SHA512

      ace3a8d615c3e9f2b1ed635fa33edaf924fdfe8b243f403b3faa7c0a47cd2b7d2a2879ce5cc69ff85e387d1f304dc3855f59e58c8b360f8dec68d1cea379a0fa

    • SSDEEP

      1536:1dddTwSuGX3oHTEkdXPmJA5xRZ1zlY2WZ95tavWGysZcglnUWVbrzQ7IC8cpDuk9:K8GyScRWVbrzQ7ITcDukZljhJtXwS1

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks