Overview

overview

10

Static

static

8

ca9141d70a...59.xls

windows7-x64

10

ca9141d70a...59.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca9141d70ac492e6adb61f3c7e14ed59

  • Size

    289KB

  • Sample

    230131-v12gnsbb51

  • MD5

    ca9141d70ac492e6adb61f3c7e14ed59

  • SHA1

    56ebf9533953af1c34f3bc89b527c78fecb1cbce

  • SHA256

    b6a2a4a911c808f75204b6fbf55a0fc4c6408b0240d3f59e8e5933b186a1d68f

  • SHA512

    73ad90fc3017ff4424e8b805655ba31976e174dd815786ccc5230d359b5c33af0c025692a285f5150031a0d8d04df143e61a1f3783369738f82643784be43834

  • SSDEEP

    3072:LP99KZ26S+xPffpSRRRDLuTUXnPjAYmOEHEGjq4yW9WDecBGPfeZh1HHebx8kAP7:D9YZ26S+PW5EwNMY68h8CO3

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      ca9141d70ac492e6adb61f3c7e14ed59

    • Size

      289KB

    • MD5

      ca9141d70ac492e6adb61f3c7e14ed59

    • SHA1

      56ebf9533953af1c34f3bc89b527c78fecb1cbce

    • SHA256

      b6a2a4a911c808f75204b6fbf55a0fc4c6408b0240d3f59e8e5933b186a1d68f

    • SHA512

      73ad90fc3017ff4424e8b805655ba31976e174dd815786ccc5230d359b5c33af0c025692a285f5150031a0d8d04df143e61a1f3783369738f82643784be43834

    • SSDEEP

      3072:LP99KZ26S+xPffpSRRRDLuTUXnPjAYmOEHEGjq4yW9WDecBGPfeZh1HHebx8kAP7:D9YZ26S+PW5EwNMY68h8CO3

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks