Overview

overview

10

Static

static

8

0e13dcc22c...9c.xls

windows7-x64

10

0e13dcc22c...9c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e13dcc22c6b4dd7b181996324292946aa95835273a3c851b181a4119586659c

  • Size

    110KB

  • Sample

    221206-rt11saac8s

  • MD5

    de98d776c5eec7e096b9df072cc76848

  • SHA1

    58da45aa7a9d663fb70c5ce81e83faa1c7d2a1a4

  • SHA256

    0e13dcc22c6b4dd7b181996324292946aa95835273a3c851b181a4119586659c

  • SHA512

    63d66ddc54ee65ead84564d856204815b75eb95fab09e25609e24bc013cbcd93a822fc46ac3f0e2e676617ab76098482415143b46871b5e00e923a91ae6fdf25

  • SSDEEP

    3072:uFl6Nc7yRzs1H75wkZUgsQ6NqTBun5owWVbrznye7ITk9N2AJtXwxv4k:Cl6Nc7yRzs1H75wkZUgsQ6NqTBun5oD1

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      0e13dcc22c6b4dd7b181996324292946aa95835273a3c851b181a4119586659c

    • Size

      110KB

    • MD5

      de98d776c5eec7e096b9df072cc76848

    • SHA1

      58da45aa7a9d663fb70c5ce81e83faa1c7d2a1a4

    • SHA256

      0e13dcc22c6b4dd7b181996324292946aa95835273a3c851b181a4119586659c

    • SHA512

      63d66ddc54ee65ead84564d856204815b75eb95fab09e25609e24bc013cbcd93a822fc46ac3f0e2e676617ab76098482415143b46871b5e00e923a91ae6fdf25

    • SSDEEP

      3072:uFl6Nc7yRzs1H75wkZUgsQ6NqTBun5owWVbrznye7ITk9N2AJtXwxv4k:Cl6Nc7yRzs1H75wkZUgsQ6NqTBun5oD1

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks