Overview

overview

10

Static

static

8

b8926869f9...92.xls

windows7-x64

10

b8926869f9...92.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8926869f9fd1fd1f575989fca1df692

  • Size

    164KB

  • Sample

    230111-xnqkradh84

  • MD5

    b8926869f9fd1fd1f575989fca1df692

  • SHA1

    d90b3432365659b04729209df820608d2b6db23e

  • SHA256

    c21abf39fe9536d460561be1f17fb4f572a1b5c83482d1ed17347714680acea3

  • SHA512

    0896f7636a8ba36eb255cf5ef837321b701a768acfe37e6751057554c13b1e85df9e42e9cd2834153146ed967bdf775ba355a66a65a3713bf6a78f245cd68055

  • SSDEEP

    3072:7WmPqOcEypOglgAj3NRKEvpArnumxVCSG:GEyJA

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      b8926869f9fd1fd1f575989fca1df692

    • Size

      164KB

    • MD5

      b8926869f9fd1fd1f575989fca1df692

    • SHA1

      d90b3432365659b04729209df820608d2b6db23e

    • SHA256

      c21abf39fe9536d460561be1f17fb4f572a1b5c83482d1ed17347714680acea3

    • SHA512

      0896f7636a8ba36eb255cf5ef837321b701a768acfe37e6751057554c13b1e85df9e42e9cd2834153146ed967bdf775ba355a66a65a3713bf6a78f245cd68055

    • SSDEEP

      3072:7WmPqOcEypOglgAj3NRKEvpArnumxVCSG:GEyJA

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks