Overview

overview

10

Static

static

8

efe1343a32...e1.xls

windows7-x64

10

efe1343a32...e1.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efe1343a32189f1b774f4c5e51f41de1

  • Size

    300KB

  • Sample

    230131-v14xsshc44

  • MD5

    efe1343a32189f1b774f4c5e51f41de1

  • SHA1

    a9a9f1bdf0ac76147f217a6cea31490d4ec8d72a

  • SHA256

    91de33cf3d07e3b8353ff1bdf3f86ae148c4e54206efd265ed4eb50a2ba7cd41

  • SHA512

    f68de19a8fc5db34f0aa6b21a53823a131d3aeb38d484a6ff7013ce544360a2f51fb2975d128cc4050cecc3e97f205dd4a1114f93b2ecffc4fadb329ee62ac61

  • SSDEEP

    3072:YLm7v9y02M3/yPffiSRRRDLuTxXnPjAYHOEHEGjq4yWgWDecBGPfeZj1HHebx8k0:5vY02M3/rpuEweMY48F8CO+T

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      efe1343a32189f1b774f4c5e51f41de1

    • Size

      300KB

    • MD5

      efe1343a32189f1b774f4c5e51f41de1

    • SHA1

      a9a9f1bdf0ac76147f217a6cea31490d4ec8d72a

    • SHA256

      91de33cf3d07e3b8353ff1bdf3f86ae148c4e54206efd265ed4eb50a2ba7cd41

    • SHA512

      f68de19a8fc5db34f0aa6b21a53823a131d3aeb38d484a6ff7013ce544360a2f51fb2975d128cc4050cecc3e97f205dd4a1114f93b2ecffc4fadb329ee62ac61

    • SSDEEP

      3072:YLm7v9y02M3/yPffiSRRRDLuTxXnPjAYHOEHEGjq4yWgWDecBGPfeZj1HHebx8k0:5vY02M3/rpuEweMY48F8CO+T

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks