Overview

overview

10

Static

static

8

85fdabbd5e...02.xls

windows7-x64

10

85fdabbd5e...02.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85fdabbd5e38b4e8ed43cd7ef2167676c72cfd6bc70e8680eafe7b47625b7b02

  • Size

    146KB

  • Sample

    221130-brv4raeg83

  • MD5

    4bff992a443fa63046c64e262b787e4f

  • SHA1

    e1b3e01fd883fa53c12501804a0a16f88069f29b

  • SHA256

    85fdabbd5e38b4e8ed43cd7ef2167676c72cfd6bc70e8680eafe7b47625b7b02

  • SHA512

    385ebe026007d95916b1ce23dc0aa0eecefe386461636da4f5423c1291352c5bccb1cddf051799509dac081775885510896c307eb0c0774c5d8af93f7826a770

  • SSDEEP

    1536:qXXXz0N/x7XSqZFXxqYMEd9iNxGmXd1kLX49Z95WFaf+87gS2dS0iPn1F+WVbrIO:UWr8ZgWVbr9Q7ITkDeKJtXw5v4W5Vd

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      85fdabbd5e38b4e8ed43cd7ef2167676c72cfd6bc70e8680eafe7b47625b7b02

    • Size

      146KB

    • MD5

      4bff992a443fa63046c64e262b787e4f

    • SHA1

      e1b3e01fd883fa53c12501804a0a16f88069f29b

    • SHA256

      85fdabbd5e38b4e8ed43cd7ef2167676c72cfd6bc70e8680eafe7b47625b7b02

    • SHA512

      385ebe026007d95916b1ce23dc0aa0eecefe386461636da4f5423c1291352c5bccb1cddf051799509dac081775885510896c307eb0c0774c5d8af93f7826a770

    • SSDEEP

      1536:qXXXz0N/x7XSqZFXxqYMEd9iNxGmXd1kLX49Z95WFaf+87gS2dS0iPn1F+WVbrIO:UWr8ZgWVbr9Q7ITkDeKJtXw5v4W5Vd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks