Overview

overview

10

Static

static

8

c4df19f47d...a2.xls

windows7-x64

10

c4df19f47d...a2.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4df19f47d8bda76a27c8f8f2f2ad8586429ccc86f1652108a9b0d854ea13fa2

  • Size

    123KB

  • Sample

    230129-r2qj1scg2x

  • MD5

    bf3e976cbc71a2172053089db68da2ee

  • SHA1

    aebfc671ad1ca8232fcd15b493d8dd63fb4090f3

  • SHA256

    c4df19f47d8bda76a27c8f8f2f2ad8586429ccc86f1652108a9b0d854ea13fa2

  • SHA512

    06c12661aa88e93f7e0f712a7554327051c00ecee6137c45ffcab2d114de0c7849363b7c0f0bc309b87b8ecf13456486ca55654caa0f6621201e7b3bc3cd5137

  • SSDEEP

    1536:3V555YOSSqGYQxA4dJyNdBBCQItWVbrzVih8h7ITkbA23cCOU/WwF18krSL:MGYHgMWWVbrz4S7ITkZsDW9rO

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      c4df19f47d8bda76a27c8f8f2f2ad8586429ccc86f1652108a9b0d854ea13fa2

    • Size

      123KB

    • MD5

      bf3e976cbc71a2172053089db68da2ee

    • SHA1

      aebfc671ad1ca8232fcd15b493d8dd63fb4090f3

    • SHA256

      c4df19f47d8bda76a27c8f8f2f2ad8586429ccc86f1652108a9b0d854ea13fa2

    • SHA512

      06c12661aa88e93f7e0f712a7554327051c00ecee6137c45ffcab2d114de0c7849363b7c0f0bc309b87b8ecf13456486ca55654caa0f6621201e7b3bc3cd5137

    • SSDEEP

      1536:3V555YOSSqGYQxA4dJyNdBBCQItWVbrzVih8h7ITkbA23cCOU/WwF18krSL:MGYHgMWWVbrz4S7ITkZsDW9rO

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks