Overview

overview

10

Static

static

8

336881acf8...f8.xls

windows7-x64

10

336881acf8...f8.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    336881acf83a746fcb12f6ce05d144f536f54d39ad70a823894d49f4b8ac60f8

  • Size

    127KB

  • Sample

    221202-szzkksef9t

  • MD5

    75b9ab173f592408b2e909fedc27d3f9

  • SHA1

    b436506f32ec3ff1bab9ddecf5d7621d06a77a0b

  • SHA256

    336881acf83a746fcb12f6ce05d144f536f54d39ad70a823894d49f4b8ac60f8

  • SHA512

    8d353e466d4e2ea134db4dabc4559745978d44124286e6b5724b6fb9dc4bbd3b140a4839f8e9d667064cd6798c156be2003cabdec84329398468258bcfa18e10

  • SSDEEP

    3072:Jqc9FU5TjjWVbrzQ7ITkDiEdJtXwH5ka/U:JqX7G

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      336881acf83a746fcb12f6ce05d144f536f54d39ad70a823894d49f4b8ac60f8

    • Size

      127KB

    • MD5

      75b9ab173f592408b2e909fedc27d3f9

    • SHA1

      b436506f32ec3ff1bab9ddecf5d7621d06a77a0b

    • SHA256

      336881acf83a746fcb12f6ce05d144f536f54d39ad70a823894d49f4b8ac60f8

    • SHA512

      8d353e466d4e2ea134db4dabc4559745978d44124286e6b5724b6fb9dc4bbd3b140a4839f8e9d667064cd6798c156be2003cabdec84329398468258bcfa18e10

    • SSDEEP

      3072:Jqc9FU5TjjWVbrzQ7ITkDiEdJtXwH5ka/U:JqX7G

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks