Overview

overview

10

Static

static

8

342f54347c...3a.xls

windows7-x64

10

342f54347c...3a.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    342f54347c50b2e65d24369150d0841558648f37a6f3a8ab7ac450d90e71803a

  • Size

    132KB

  • Sample

    221202-szy9taef9s

  • MD5

    f704f59ddbbb7c3d018a72df027514f0

  • SHA1

    c3fc17f7fe830cae00adb68bcfebed98fa42d154

  • SHA256

    342f54347c50b2e65d24369150d0841558648f37a6f3a8ab7ac450d90e71803a

  • SHA512

    446087bcb7b3b65123350e6f89a9a5f408cc1d071264fd44ee316061dbe0c7c760736f10be055d41e380b26685e09fa80259b9ee3aececdcd5c4e1b23c32dd0a

  • SSDEEP

    1536:Yeeekm8zc8e1tVbsQvPkSJ4OpQqmkmOqmkmmkOmFLcmYqVNHzfVk4NIzO2oWVbr0:RhNRFWVbrzR7ITkP/foJtXw1l5kf

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      342f54347c50b2e65d24369150d0841558648f37a6f3a8ab7ac450d90e71803a

    • Size

      132KB

    • MD5

      f704f59ddbbb7c3d018a72df027514f0

    • SHA1

      c3fc17f7fe830cae00adb68bcfebed98fa42d154

    • SHA256

      342f54347c50b2e65d24369150d0841558648f37a6f3a8ab7ac450d90e71803a

    • SHA512

      446087bcb7b3b65123350e6f89a9a5f408cc1d071264fd44ee316061dbe0c7c760736f10be055d41e380b26685e09fa80259b9ee3aececdcd5c4e1b23c32dd0a

    • SSDEEP

      1536:Yeeekm8zc8e1tVbsQvPkSJ4OpQqmkmOqmkmmkOmFLcmYqVNHzfVk4NIzO2oWVbr0:RhNRFWVbrzR7ITkP/foJtXw1l5kf

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks