Overview

overview

10

Static

static

8

~ar6759.xls

windows7-x64

10

~ar6759.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ~ar6759.xar

  • Size

    107KB

  • Sample

    221203-vs6fnade7t

  • MD5

    ae89cf6ba9007c82060c00e004ca8a1e

  • SHA1

    c25329af0c5edd0260744a89f25c36ae336c5792

  • SHA256

    2609fc43379c7572ab4b9e15ca5b8408c42b071caceb6e45384b85b30df60979

  • SHA512

    5c4fcfeaaca3dc6195c913cce1aa8ee9c394cfd11e4ccab373bd7b83c6bb70f84f78af10bf01525810a382baf118424b2404f7b5ef7717fb7b3901f19cd3e8ab

  • SSDEEP

    3072:8i9QUDGYwk/u1Q5y21afgjs8KA6bLhmvjKESzz6u/lmpYj:8i9QUDGYwk/u1Q5y21afgjs8KA6bLhmq

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      ~ar6759.xar

    • Size

      107KB

    • MD5

      ae89cf6ba9007c82060c00e004ca8a1e

    • SHA1

      c25329af0c5edd0260744a89f25c36ae336c5792

    • SHA256

      2609fc43379c7572ab4b9e15ca5b8408c42b071caceb6e45384b85b30df60979

    • SHA512

      5c4fcfeaaca3dc6195c913cce1aa8ee9c394cfd11e4ccab373bd7b83c6bb70f84f78af10bf01525810a382baf118424b2404f7b5ef7717fb7b3901f19cd3e8ab

    • SSDEEP

      3072:8i9QUDGYwk/u1Q5y21afgjs8KA6bLhmvjKESzz6u/lmpYj:8i9QUDGYwk/u1Q5y21afgjs8KA6bLhmq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks