Overview

overview

10

Static

static

8

ce8a0308c0...be.xls

windows7-x64

10

ce8a0308c0...be.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce8a0308c08225e8218c48bb3aa854fc54b4906a33ea0a6d0474e34822afadbe

  • Size

    150KB

  • Sample

    230129-q61p4sbe6v

  • MD5

    e32806a42e8fcb123994c14b17ab0649

  • SHA1

    45918fc23386d3f0d96ff7edad9b3263b53de0c1

  • SHA256

    ce8a0308c08225e8218c48bb3aa854fc54b4906a33ea0a6d0474e34822afadbe

  • SHA512

    d315cd1b8132ee05e5377dcb99f154c2d63784cfaf9cc83a443454a7f8bd2332c1130cadc0c16094f49eea057c1eb224beba7832a8d920123555daee12487215

  • SSDEEP

    3072:bmWa6sfiUbFh0sKTPlv+2yRK7JzieyWVfbrzQ7ITk9dEdJtXwU5kwJuAl:y3LROzH/J

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ce8a0308c08225e8218c48bb3aa854fc54b4906a33ea0a6d0474e34822afadbe

    • Size

      150KB

    • MD5

      e32806a42e8fcb123994c14b17ab0649

    • SHA1

      45918fc23386d3f0d96ff7edad9b3263b53de0c1

    • SHA256

      ce8a0308c08225e8218c48bb3aa854fc54b4906a33ea0a6d0474e34822afadbe

    • SHA512

      d315cd1b8132ee05e5377dcb99f154c2d63784cfaf9cc83a443454a7f8bd2332c1130cadc0c16094f49eea057c1eb224beba7832a8d920123555daee12487215

    • SSDEEP

      3072:bmWa6sfiUbFh0sKTPlv+2yRK7JzieyWVfbrzQ7ITk9dEdJtXwU5kwJuAl:y3LROzH/J

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks