Overview

overview

10

Static

static

8

398ae60da3...ff.xls

windows7-x64

10

398ae60da3...ff.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    398ae60da3925d91db9420cfc11f4ddf16cffa8fda2f5e243a874a3d676825ff

  • Size

    257KB

  • Sample

    221206-rtz4gsfb99

  • MD5

    b07d634de25c48d411d77ee42e8d5e61

  • SHA1

    34bb9e07e6ae3f38fc60d97a1d91fb39415e0472

  • SHA256

    398ae60da3925d91db9420cfc11f4ddf16cffa8fda2f5e243a874a3d676825ff

  • SHA512

    d0aa3578c83ade76ef739e23e5a25f95c1a6a7294d7dccf40bcabdfad5a22420d5f68beb83e8b401f2d6625ef999b05db135f4c69a30675a21baf70fc0e1b773

  • SSDEEP

    3072:dovvvvvvvvvvvOOOOvvvvvvvvfaQ1HJDv8T0SE57PsYfMOstnJ0v2jcc0lbxOK3q:CaspDVfjssstnJz2

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      398ae60da3925d91db9420cfc11f4ddf16cffa8fda2f5e243a874a3d676825ff

    • Size

      257KB

    • MD5

      b07d634de25c48d411d77ee42e8d5e61

    • SHA1

      34bb9e07e6ae3f38fc60d97a1d91fb39415e0472

    • SHA256

      398ae60da3925d91db9420cfc11f4ddf16cffa8fda2f5e243a874a3d676825ff

    • SHA512

      d0aa3578c83ade76ef739e23e5a25f95c1a6a7294d7dccf40bcabdfad5a22420d5f68beb83e8b401f2d6625ef999b05db135f4c69a30675a21baf70fc0e1b773

    • SSDEEP

      3072:dovvvvvvvvvvvOOOOvvvvvvvvfaQ1HJDv8T0SE57PsYfMOstnJ0v2jcc0lbxOK3q:CaspDVfjssstnJz2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks