Overview

overview

10

Static

static

8

41202d384a...3b.xls

windows7-x64

10

41202d384a...3b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41202d384a5a7bfbb58ab3ecd870d37b6dc4778349cde82a61b235bca44f643b

  • Size

    258KB

  • Sample

    221206-rty67aac71

  • MD5

    602d5d4010a2792d0360769822b17798

  • SHA1

    956564e02d32cdbf43a5b3f1e7f603ea8a842043

  • SHA256

    41202d384a5a7bfbb58ab3ecd870d37b6dc4778349cde82a61b235bca44f643b

  • SHA512

    2160c7137a583f90218c2950236f430320cb45084aa6a5587e98c55434274f3c095533284819d14f38e10eaec567cc3ee18bae36bbf37e443ddc02c7fc4abeb2

  • SSDEEP

    3072:VovvvvvvvvvvvOOOOvvvvvvvvwaQ1HzPaZl30SkQ7LVs8+cYstHJJxp2jcc0lbxL:RaoTPas+9s3stHJv2

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      41202d384a5a7bfbb58ab3ecd870d37b6dc4778349cde82a61b235bca44f643b

    • Size

      258KB

    • MD5

      602d5d4010a2792d0360769822b17798

    • SHA1

      956564e02d32cdbf43a5b3f1e7f603ea8a842043

    • SHA256

      41202d384a5a7bfbb58ab3ecd870d37b6dc4778349cde82a61b235bca44f643b

    • SHA512

      2160c7137a583f90218c2950236f430320cb45084aa6a5587e98c55434274f3c095533284819d14f38e10eaec567cc3ee18bae36bbf37e443ddc02c7fc4abeb2

    • SSDEEP

      3072:VovvvvvvvvvvvOOOOvvvvvvvvwaQ1HzPaZl30SkQ7LVs8+cYstHJJxp2jcc0lbxL:RaoTPas+9s3stHJv2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks