Overview

overview

10

Static

static

8

0afeffe1c2...5d.xls

windows7-x64

10

0afeffe1c2...5d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0afeffe1c2d9599498792f5842021d5d

  • Size

    231KB

  • Sample

    230117-1ynexsgh29

  • MD5

    0afeffe1c2d9599498792f5842021d5d

  • SHA1

    c5015c2202798f7a569f3a3c42c294f543e9dfc4

  • SHA256

    9b0405339b38e4bcc7ec3d5d0cf6bfcd8ba44c16d7cd235ab1c2b81755cbb7a6

  • SHA512

    ceee7c59491cf2fb7bc392e43619d09f9d4d85c4282e96ad35bd619093767431862d51f8925053bda28dbe112fef2b744f251c9840383e652734f6de88bc7df6

  • SSDEEP

    6144:ek3hOdsylKlgryzc4bNhZF+E+W/gEMmXJy:umX

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      0afeffe1c2d9599498792f5842021d5d

    • Size

      231KB

    • MD5

      0afeffe1c2d9599498792f5842021d5d

    • SHA1

      c5015c2202798f7a569f3a3c42c294f543e9dfc4

    • SHA256

      9b0405339b38e4bcc7ec3d5d0cf6bfcd8ba44c16d7cd235ab1c2b81755cbb7a6

    • SHA512

      ceee7c59491cf2fb7bc392e43619d09f9d4d85c4282e96ad35bd619093767431862d51f8925053bda28dbe112fef2b744f251c9840383e652734f6de88bc7df6

    • SSDEEP

      6144:ek3hOdsylKlgryzc4bNhZF+E+W/gEMmXJy:umX

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks