Overview

overview

10

Static

static

8

ca9c9a78c5...2d.xls

windows7-x64

10

ca9c9a78c5...2d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca9c9a78c5dc10b798c6a71b6ccee06a9c83c3d9d44bd540b31a2b356b51932d

  • Size

    95KB

  • Sample

    221203-pxjvkabc78

  • MD5

    7b7a940d709c0a326c17f36ec1cddd72

  • SHA1

    51e998c83b9a86227aa136ba17ad161a33dc8988

  • SHA256

    ca9c9a78c5dc10b798c6a71b6ccee06a9c83c3d9d44bd540b31a2b356b51932d

  • SHA512

    3c1906460aa8f4e6a3842d03572a976f209e10f923cef7f65551af61b4953930cbe59885060c804b4faa3b96ea62bbc0a78ab719d917d573104c3c1836cccfc7

  • SSDEEP

    1536:rqqqeCLnm/SXq5bpDL2jcc0lbxOvTgZRg88ScJtXwU1NZ:z2jcc0lbxOrbjhJtXw8NZ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ca9c9a78c5dc10b798c6a71b6ccee06a9c83c3d9d44bd540b31a2b356b51932d

    • Size

      95KB

    • MD5

      7b7a940d709c0a326c17f36ec1cddd72

    • SHA1

      51e998c83b9a86227aa136ba17ad161a33dc8988

    • SHA256

      ca9c9a78c5dc10b798c6a71b6ccee06a9c83c3d9d44bd540b31a2b356b51932d

    • SHA512

      3c1906460aa8f4e6a3842d03572a976f209e10f923cef7f65551af61b4953930cbe59885060c804b4faa3b96ea62bbc0a78ab719d917d573104c3c1836cccfc7

    • SSDEEP

      1536:rqqqeCLnm/SXq5bpDL2jcc0lbxOvTgZRg88ScJtXwU1NZ:z2jcc0lbxOrbjhJtXw8NZ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks