Overview

overview

10

Static

static

8

ae55834c2e...98.xls

windows7-x64

10

ae55834c2e...98.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ae55834c2e529f9693c0c56c8856cc75d6f135fee3b8b4fe211e117bc525f298

  • Size

    254KB

  • Sample

    221202-syxdtsee9v

  • MD5

    f38f7bf028a23cb9f0434f823b72b48b

  • SHA1

    f8439f280bf07f6927682aec049cd87683b96c85

  • SHA256

    ae55834c2e529f9693c0c56c8856cc75d6f135fee3b8b4fe211e117bc525f298

  • SHA512

    3ebc604c06aa9c5d9ddf50f554b83e0ce50a4cccd86bc1660012a5bba0897269078158be7d69e9560edaa42b3d35e483a19a33e698e177f246f8a29c956af59f

  • SSDEEP

    6144:ml6Nc7yRzs1H75wkZUgsGaX+9PwRnmRYkbSFaS:GYkbSR

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ae55834c2e529f9693c0c56c8856cc75d6f135fee3b8b4fe211e117bc525f298

    • Size

      254KB

    • MD5

      f38f7bf028a23cb9f0434f823b72b48b

    • SHA1

      f8439f280bf07f6927682aec049cd87683b96c85

    • SHA256

      ae55834c2e529f9693c0c56c8856cc75d6f135fee3b8b4fe211e117bc525f298

    • SHA512

      3ebc604c06aa9c5d9ddf50f554b83e0ce50a4cccd86bc1660012a5bba0897269078158be7d69e9560edaa42b3d35e483a19a33e698e177f246f8a29c956af59f

    • SSDEEP

      6144:ml6Nc7yRzs1H75wkZUgsGaX+9PwRnmRYkbSFaS:GYkbSR

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks