Overview

overview

10

Static

static

8

44053bde21...af.xls

windows7-x64

10

44053bde21...af.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44053bde216b1c142d9f9c9904d9ea0a14ddac66f943370014169140e1bdfaaf

  • Size

    115KB

  • Sample

    221202-szxe8aba48

  • MD5

    a64cf3715f0e2ca7fd6c0ba16df8627a

  • SHA1

    19ba21c51556d99086a9e2922f3d4f91ab245933

  • SHA256

    44053bde216b1c142d9f9c9904d9ea0a14ddac66f943370014169140e1bdfaaf

  • SHA512

    d559d70313fad464e7208a7f0338a0c3709e49403302bfdbd56b9cc40e57c7fa8cc0542afea7ab6d86192b63f7884be6cf4af33ca8b3d8210e583143d5323327

  • SSDEEP

    3072:VRl6Nc7yRzs1H75wkZUgsQ6NqTBun5opLWH2jcc0lbxOIaMSPR:Dl6Nc7yRzs1H75wkZUgsQ6NqTBun5oA8

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      44053bde216b1c142d9f9c9904d9ea0a14ddac66f943370014169140e1bdfaaf

    • Size

      115KB

    • MD5

      a64cf3715f0e2ca7fd6c0ba16df8627a

    • SHA1

      19ba21c51556d99086a9e2922f3d4f91ab245933

    • SHA256

      44053bde216b1c142d9f9c9904d9ea0a14ddac66f943370014169140e1bdfaaf

    • SHA512

      d559d70313fad464e7208a7f0338a0c3709e49403302bfdbd56b9cc40e57c7fa8cc0542afea7ab6d86192b63f7884be6cf4af33ca8b3d8210e583143d5323327

    • SSDEEP

      3072:VRl6Nc7yRzs1H75wkZUgsQ6NqTBun5opLWH2jcc0lbxOIaMSPR:Dl6Nc7yRzs1H75wkZUgsQ6NqTBun5oA8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks