Overview

overview

10

Static

static

8

bd83cd8d3c...3e.xls

windows7-x64

10

bd83cd8d3c...3e.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd83cd8d3c7dca2ae0cd02622b5f1acdc820367f6616a0cd4919211e7d09db3e

  • Size

    94KB

  • Sample

    230129-rktkcaaf58

  • MD5

    0373d4cca74d4d3484d2c63292744c0e

  • SHA1

    93f166095540e15fe4b1368408fdb45dba6e413f

  • SHA256

    bd83cd8d3c7dca2ae0cd02622b5f1acdc820367f6616a0cd4919211e7d09db3e

  • SHA512

    0693e5518aa1485efd54dba2220bb79a40198a6a30cc1c3567bfa9513f5a1e50a7cef7b9a4618a1b4fbcd3308cbb245ca318831a62a569be3755265be91bff3c

  • SSDEEP

    1536:UPPPWGGHia6YTrWVbrzQ7IrQSkbA2FcCOjDWwF19zau:4aRWVbrzQ7IrzkZ+DHMu

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      bd83cd8d3c7dca2ae0cd02622b5f1acdc820367f6616a0cd4919211e7d09db3e

    • Size

      94KB

    • MD5

      0373d4cca74d4d3484d2c63292744c0e

    • SHA1

      93f166095540e15fe4b1368408fdb45dba6e413f

    • SHA256

      bd83cd8d3c7dca2ae0cd02622b5f1acdc820367f6616a0cd4919211e7d09db3e

    • SHA512

      0693e5518aa1485efd54dba2220bb79a40198a6a30cc1c3567bfa9513f5a1e50a7cef7b9a4618a1b4fbcd3308cbb245ca318831a62a569be3755265be91bff3c

    • SSDEEP

      1536:UPPPWGGHia6YTrWVbrzQ7IrQSkbA2FcCOjDWwF19zau:4aRWVbrzQ7IrzkZ+DHMu

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks