Overview

overview

10

Static

static

8

064bb05474...0d.xls

windows7-x64

10

064bb05474...0d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    064bb054746f0e36d8231a272d70980d

  • Size

    173KB

  • Sample

    230214-x8g44sff87

  • MD5

    064bb054746f0e36d8231a272d70980d

  • SHA1

    4a21a7d20ca174a91a1c49d8885f9be0c5d20a4a

  • SHA256

    4bdee72a162f40422dfce6ac2d01ac25075bf1d0e6f641b27dea6858b092cee9

  • SHA512

    1d3cf8b37be6f5281e39f2b7ddfee3fe6a48f41d4704c39b1b901ce7d5b8d5573ec16e2f6ebebb78b33267b1d104fa390c527ed22ab6ed483fdfbc88188156a2

  • SSDEEP

    3072:0+IH1OxQKxy5gfaf8kDfsQmN3psWUZZR/Qse7sUguglgAQ3NRSw/JtXwkDKSZ:0+IH1OxQKxy5gfaf8kDfsQmN3psWUZZY

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      064bb054746f0e36d8231a272d70980d

    • Size

      173KB

    • MD5

      064bb054746f0e36d8231a272d70980d

    • SHA1

      4a21a7d20ca174a91a1c49d8885f9be0c5d20a4a

    • SHA256

      4bdee72a162f40422dfce6ac2d01ac25075bf1d0e6f641b27dea6858b092cee9

    • SHA512

      1d3cf8b37be6f5281e39f2b7ddfee3fe6a48f41d4704c39b1b901ce7d5b8d5573ec16e2f6ebebb78b33267b1d104fa390c527ed22ab6ed483fdfbc88188156a2

    • SSDEEP

      3072:0+IH1OxQKxy5gfaf8kDfsQmN3psWUZZR/Qse7sUguglgAQ3NRSw/JtXwkDKSZ:0+IH1OxQKxy5gfaf8kDfsQmN3psWUZZY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks