Overview

overview

10

Static

static

8

67da26f647...e1.xls

windows7-x64

10

67da26f647...e1.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67da26f647fcc28945839000a67553e1

  • Size

    143KB

  • Sample

    221215-x1rzcadc54

  • MD5

    67da26f647fcc28945839000a67553e1

  • SHA1

    939a291bb57d46505fad6b70026242a4c640acee

  • SHA256

    20ab8a9ab284a5d5574df7d018bd619e916e10f3f179d3955c63a7ebf25b69e2

  • SHA512

    ccff7660841dba60cd90d174e6b166181b3513e0a8ea453c372fab7a0ee7273556ab9f3af8903898740a7420f3ccbd532c74af5a7b6fa70567b54ca4f480b11a

  • SSDEEP

    3072:REzt+ca9JbcvzA7GmL2sQmN4Rd5W8ozZATHWVbVzQ7ITk9btfX1qCN5kW:REzt+ca9JbcvzA7GmL2sQmN4Rd5W8oA1

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      67da26f647fcc28945839000a67553e1

    • Size

      143KB

    • MD5

      67da26f647fcc28945839000a67553e1

    • SHA1

      939a291bb57d46505fad6b70026242a4c640acee

    • SHA256

      20ab8a9ab284a5d5574df7d018bd619e916e10f3f179d3955c63a7ebf25b69e2

    • SHA512

      ccff7660841dba60cd90d174e6b166181b3513e0a8ea453c372fab7a0ee7273556ab9f3af8903898740a7420f3ccbd532c74af5a7b6fa70567b54ca4f480b11a

    • SSDEEP

      3072:REzt+ca9JbcvzA7GmL2sQmN4Rd5W8ozZATHWVbVzQ7ITk9btfX1qCN5kW:REzt+ca9JbcvzA7GmL2sQmN4Rd5W8oA1

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks