Overview

overview

10

Static

static

8

0f920e1b23...a2.xls

windows7-x64

10

0f920e1b23...a2.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f920e1b230e8178bc91245e0cde16a2

  • Size

    173KB

  • Sample

    230111-xpw4xshh21

  • MD5

    0f920e1b230e8178bc91245e0cde16a2

  • SHA1

    cf1e77cdbd7ffb753a45521062dc5b93ee90fbb5

  • SHA256

    6fe449d6d92a4ce064aeb4ab25fb02334537c0c2a73585bbc001ec889733358b

  • SHA512

    2811a0824b098307fe5b144454e4c271b6841eaeede2465b507a77b459c63fe6b87cc28e37f50a2f37f50bfdb28ea6c28094f075940e48c9885d5b12f54224a5

  • SSDEEP

    3072:Euyaw2J2jcc0lbxOGJuo/XfjReIwZTxyT:53zR

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      0f920e1b230e8178bc91245e0cde16a2

    • Size

      173KB

    • MD5

      0f920e1b230e8178bc91245e0cde16a2

    • SHA1

      cf1e77cdbd7ffb753a45521062dc5b93ee90fbb5

    • SHA256

      6fe449d6d92a4ce064aeb4ab25fb02334537c0c2a73585bbc001ec889733358b

    • SHA512

      2811a0824b098307fe5b144454e4c271b6841eaeede2465b507a77b459c63fe6b87cc28e37f50a2f37f50bfdb28ea6c28094f075940e48c9885d5b12f54224a5

    • SSDEEP

      3072:Euyaw2J2jcc0lbxOGJuo/XfjReIwZTxyT:53zR

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks