Overview

overview

10

Static

static

8

c5f78fa16a...f2.xls

windows7-x64

10

c5f78fa16a...f2.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5f78fa16a534110cef680dac58ccc52b68cd15a9fe316d018c8d99b4a5228f2

  • Size

    395KB

  • Sample

    221202-sygndaee6t

  • MD5

    c4bd44f2a4ba7a3ecad01525dbf4594f

  • SHA1

    2e5ba9159c2c52e31b3bfff76da6ba792d5c5aff

  • SHA256

    c5f78fa16a534110cef680dac58ccc52b68cd15a9fe316d018c8d99b4a5228f2

  • SHA512

    b5eb5dd7ce4422aae58b64b7218315eab836f7a24a008c1d8a259bdc76b28d6a94b520a70d76c6949942916441e0c798e7a4c1f5a04172b7e80df7b5317f39bd

  • SSDEEP

    3072:h1mV2dDmU141vuzStkxFe03hQOZOz6AVtUWVFuA6uhMsQ5ZRWVbryaMQ7ITkPT9x:SLU41yDeoQOZedjRhQvjHUXQXuq

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c5f78fa16a534110cef680dac58ccc52b68cd15a9fe316d018c8d99b4a5228f2

    • Size

      395KB

    • MD5

      c4bd44f2a4ba7a3ecad01525dbf4594f

    • SHA1

      2e5ba9159c2c52e31b3bfff76da6ba792d5c5aff

    • SHA256

      c5f78fa16a534110cef680dac58ccc52b68cd15a9fe316d018c8d99b4a5228f2

    • SHA512

      b5eb5dd7ce4422aae58b64b7218315eab836f7a24a008c1d8a259bdc76b28d6a94b520a70d76c6949942916441e0c798e7a4c1f5a04172b7e80df7b5317f39bd

    • SSDEEP

      3072:h1mV2dDmU141vuzStkxFe03hQOZOz6AVtUWVFuA6uhMsQ5ZRWVbryaMQ7ITkPT9x:SLU41yDeoQOZedjRhQvjHUXQXuq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks