Overview

overview

10

Static

static

8

Nicht best...81.xls

windows7-x64

10

Nicht best...81.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nicht bestätigt 668781.crdownload

  • Size

    136KB

  • Sample

    221203-z8nyrsba4s

  • MD5

    42b4e867c32dac838da681c1a3d8b709

  • SHA1

    9e5dcce0f8c9c91ed0d4088d7c81baf103cbb2f3

  • SHA256

    b08f0a2abfb1fdef1d37d602fbb2ce69b63c33a58655732ba5a6c3488f827e97

  • SHA512

    669b72b81ea18f82c86c7bc39c96729958ba876db7d95f0af02ff0263d60b60e3162be94397bbcf87a86457d7ea5b4eef475ccb616b4aa8e623cb1e1ff21a1ec

  • SSDEEP

    3072:/mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAnMPitGv4UL24WE7pI2KLS2Ws1ttEhDd:Ok3hbdlylKsgqopeJBWhZFVE+W2NdAMa

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      Nicht bestätigt 668781.crdownload

    • Size

      136KB

    • MD5

      42b4e867c32dac838da681c1a3d8b709

    • SHA1

      9e5dcce0f8c9c91ed0d4088d7c81baf103cbb2f3

    • SHA256

      b08f0a2abfb1fdef1d37d602fbb2ce69b63c33a58655732ba5a6c3488f827e97

    • SHA512

      669b72b81ea18f82c86c7bc39c96729958ba876db7d95f0af02ff0263d60b60e3162be94397bbcf87a86457d7ea5b4eef475ccb616b4aa8e623cb1e1ff21a1ec

    • SSDEEP

      3072:/mk3hbdlylKsgqopeJBWhZFGkE+cL2NdAnMPitGv4UL24WE7pI2KLS2Ws1ttEhDd:Ok3hbdlylKsgqopeJBWhZFVE+W2NdAMa

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Unknown use of msiexec with remote resource

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks