General

  • Target

    8733679039.zip

  • Size

    22KB

  • Sample

    230117-11ewkagh67

  • MD5

    f6c1f2496ff2e7a0b118d9ace43c2937

  • SHA1

    19112ccdb69624d7510a8d076ae4ef31cb4b7676

  • SHA256

    970d01998a793253c89b52999ae9226bc0a7f1ef90e584d41208dfe97e93c0d9

  • SHA512

    fd45965681ebcd4d07588c2335ee140829b3f85e150109b92a63eebe6237fde72a535defcf352716eb2dbdffcf8725bf0fb5d640f3c7b888b47153fd8e06fe6e

  • SSDEEP

    384:rg6SCt72SUvXZxwyXoDw9PHl2d1Y/NtUi6nxDx0u4IIKRLBj6aAHDadnETe2jQAA:sKSfXUyY09PF+szU51x0NItCInEDPHg

Malware Config

Targets

    • Target

      a0362be648ebb92266bb64410e429350aefbddb0af74d7e89bea23cfbe75aa64

    • Size

      59KB

    • MD5

      7c853ab182e0e0a51baa85ba460ddf51

    • SHA1

      b865efd764549e7e64eaa37ae67a977958a5fcec

    • SHA256

      a0362be648ebb92266bb64410e429350aefbddb0af74d7e89bea23cfbe75aa64

    • SHA512

      8368dd70259e9238acc6d116647a27cc5b4adc73158ed83923f5c841d688a3983b987828108f285aab73633ea4742eec74208ac46996b91b66b812cf33ba1602

    • SSDEEP

      1536:Qk3hOdsylKlgryzc4bNhZFGzE+cL2knw0jftONLqbNacyr042LfC:Qk3hOdsylKlgryzc4bNhZFGzE+cL2knZ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops startup file

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1082 System Information Discovery (3)
    T1012 Query Registry (2)

Tasks