Overview

overview

10

Static

static

8

a1a4cb1a40...b2.xls

windows7-x64

10

a1a4cb1a40...b2.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1a4cb1a40cadb40e2753f8a16c6c2b2

  • Size

    165KB

  • Sample

    230111-xptnssea35

  • MD5

    a1a4cb1a40cadb40e2753f8a16c6c2b2

  • SHA1

    a8272750be6afeb5dfd1f8a8e5c42d739264b83b

  • SHA256

    917dd6ceaf87ebce3828de720daca36e97a8b00f9c861fafab8021f7816aa61b

  • SHA512

    46cec0470e2809ebf81e45dbc5b2b9ea403b156e1f8603bcaabb6b3676ed62056da2e770361250c2bca19219d27246cc519ba5f435cfbad72d79339a119afece

  • SSDEEP

    1536:XndEEEmZCdB3j2GgC9RG/E+XmEoExtImYqG8PYs7bqNB4tOnJiy2jcc0lbxOvTgE:XjSyYs+nJiy2jcc0lbxOrlpe/XY

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a1a4cb1a40cadb40e2753f8a16c6c2b2

    • Size

      165KB

    • MD5

      a1a4cb1a40cadb40e2753f8a16c6c2b2

    • SHA1

      a8272750be6afeb5dfd1f8a8e5c42d739264b83b

    • SHA256

      917dd6ceaf87ebce3828de720daca36e97a8b00f9c861fafab8021f7816aa61b

    • SHA512

      46cec0470e2809ebf81e45dbc5b2b9ea403b156e1f8603bcaabb6b3676ed62056da2e770361250c2bca19219d27246cc519ba5f435cfbad72d79339a119afece

    • SSDEEP

      1536:XndEEEmZCdB3j2GgC9RG/E+XmEoExtImYqG8PYs7bqNB4tOnJiy2jcc0lbxOvTgE:XjSyYs+nJiy2jcc0lbxOrlpe/XY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks