Overview

overview

10

Static

static

8

a20a4f0719...2b.xls

windows7-x64

10

a20a4f0719...2b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a20a4f0719d85e7b6b0f0a14d68467deecbf5c3ceae0380d31ad07047a7d962b

  • Size

    176KB

  • Sample

    221203-pxvbasbc98

  • MD5

    ee80d397db74df5e751886f66bf07f8c

  • SHA1

    3e0c4dc8ca6f5b2da88d7513f0cd43abc1d7d7e4

  • SHA256

    a20a4f0719d85e7b6b0f0a14d68467deecbf5c3ceae0380d31ad07047a7d962b

  • SHA512

    27fc3f7f7db2d55ff7686843b73fb5fb5918260ac43f662340827c0836eae82061846d3933b71f7b33f7a38963e60951eb3adeb19873e1d6e57b1010d0cccff5

  • SSDEEP

    3072:8AKfq6MgzlRWnixWVbrzQ7THlTk95/MJtXwi5kgbdz:N6x5tHUaz

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a20a4f0719d85e7b6b0f0a14d68467deecbf5c3ceae0380d31ad07047a7d962b

    • Size

      176KB

    • MD5

      ee80d397db74df5e751886f66bf07f8c

    • SHA1

      3e0c4dc8ca6f5b2da88d7513f0cd43abc1d7d7e4

    • SHA256

      a20a4f0719d85e7b6b0f0a14d68467deecbf5c3ceae0380d31ad07047a7d962b

    • SHA512

      27fc3f7f7db2d55ff7686843b73fb5fb5918260ac43f662340827c0836eae82061846d3933b71f7b33f7a38963e60951eb3adeb19873e1d6e57b1010d0cccff5

    • SSDEEP

      3072:8AKfq6MgzlRWnixWVbrzQ7THlTk95/MJtXwi5kgbdz:N6x5tHUaz

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks