Overview

overview

10

Static

static

8

f942200150...40.xls

windows7-x64

10

f942200150...40.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f942200150683b670f5d19b523bf85cf642f06ec31cf325d75732c602165d040

  • Size

    138KB

  • Sample

    221203-pxfg5sbc72

  • MD5

    53824988705015f412b158c30d0e51fc

  • SHA1

    ec81cd3522e5e3be0f76d4e070338736b776d316

  • SHA256

    f942200150683b670f5d19b523bf85cf642f06ec31cf325d75732c602165d040

  • SHA512

    c5113b028b668b63d4544808edd5c6f8a40c85fe70130755f2b62be0531488081b20d775e1a4c4d86c40aee3b2742ee943ef03195b3ef1b8c3e29d110ccf421f

  • SSDEEP

    3072:+L0tFHtEhsuwWVOrzQ7ITkD92JtXw05ktK:+gH

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      f942200150683b670f5d19b523bf85cf642f06ec31cf325d75732c602165d040

    • Size

      138KB

    • MD5

      53824988705015f412b158c30d0e51fc

    • SHA1

      ec81cd3522e5e3be0f76d4e070338736b776d316

    • SHA256

      f942200150683b670f5d19b523bf85cf642f06ec31cf325d75732c602165d040

    • SHA512

      c5113b028b668b63d4544808edd5c6f8a40c85fe70130755f2b62be0531488081b20d775e1a4c4d86c40aee3b2742ee943ef03195b3ef1b8c3e29d110ccf421f

    • SSDEEP

      3072:+L0tFHtEhsuwWVOrzQ7ITkD92JtXw05ktK:+gH

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks