Overview

overview

10

Static

static

8

50acf10d79...30.xls

windows7-x64

10

50acf10d79...30.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    50acf10d79808a2b2ac7aee17ad2d730

  • Size

    88KB

  • Sample

    230111-xp91sahh4t

  • MD5

    50acf10d79808a2b2ac7aee17ad2d730

  • SHA1

    31a137a7d677228c7173d7457e9048027d407bbb

  • SHA256

    69c7b85c1b4531b0dcc82d0819691b6907e5777eb05bd9073ca92d897a732f6c

  • SHA512

    55ec7879914bf25eeb82ba3abc21cea2e9ecae90c2903570bcf27edcda07f57ce351c27ca8539a2b3ebb5d132267304ccdf0414551069a44d7dd8b04d617558a

  • SSDEEP

    1536:ehhhhN0cvk0o6IwWVbrzQ7ITkycPMT62AkCEU/WpF1VCk:uWVbrzQ7ITkyOkpdVck

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      50acf10d79808a2b2ac7aee17ad2d730

    • Size

      88KB

    • MD5

      50acf10d79808a2b2ac7aee17ad2d730

    • SHA1

      31a137a7d677228c7173d7457e9048027d407bbb

    • SHA256

      69c7b85c1b4531b0dcc82d0819691b6907e5777eb05bd9073ca92d897a732f6c

    • SHA512

      55ec7879914bf25eeb82ba3abc21cea2e9ecae90c2903570bcf27edcda07f57ce351c27ca8539a2b3ebb5d132267304ccdf0414551069a44d7dd8b04d617558a

    • SSDEEP

      1536:ehhhhN0cvk0o6IwWVbrzQ7ITkycPMT62AkCEU/WpF1VCk:uWVbrzQ7ITkyOkpdVck

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks