Overview

overview

10

Static

static

8

82e7b49060...4e.xls

windows7-x64

10

82e7b49060...4e.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82e7b490603e5139a72867c7ab9df021916b5ebcd1e03a846fc63272b98be84e

  • Size

    115KB

  • Sample

    221203-pxzwsabd27

  • MD5

    972978610b91059d94a54524828c2d5d

  • SHA1

    6f8c1d696d7c13e08c22eefd53fcae14ec0a899b

  • SHA256

    82e7b490603e5139a72867c7ab9df021916b5ebcd1e03a846fc63272b98be84e

  • SHA512

    f6ed62b4a0510f7d1078493249e8474cfaf2d1475381c9434fabcdac89decf1aa33e323dfca818e955d2a6eee896d6f293f871c9bb9eb85c06c8de78c0f2e075

  • SSDEEP

    1536:4YYYYUTlI5NUfsZ1GOWVbrrsvrQ7ITkR62lmjUgccJtXwRUM2M/MI6esrD0NnyT:W5ZWVbrCQ7ITk9ynvJtXwh5kRe0zT

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      82e7b490603e5139a72867c7ab9df021916b5ebcd1e03a846fc63272b98be84e

    • Size

      115KB

    • MD5

      972978610b91059d94a54524828c2d5d

    • SHA1

      6f8c1d696d7c13e08c22eefd53fcae14ec0a899b

    • SHA256

      82e7b490603e5139a72867c7ab9df021916b5ebcd1e03a846fc63272b98be84e

    • SHA512

      f6ed62b4a0510f7d1078493249e8474cfaf2d1475381c9434fabcdac89decf1aa33e323dfca818e955d2a6eee896d6f293f871c9bb9eb85c06c8de78c0f2e075

    • SSDEEP

      1536:4YYYYUTlI5NUfsZ1GOWVbrrsvrQ7ITkR62lmjUgccJtXwRUM2M/MI6esrD0NnyT:W5ZWVbrCQ7ITk9ynvJtXwh5kRe0zT

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks