Overview

overview

10

Static

static

8

caadd85c84...9.xlsm

windows7-x64

10

caadd85c84...9.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    caadd85c84ed66919e44d324606f5289

  • Size

    43KB

  • Sample

    230221-vm6t8she6x

  • MD5

    caadd85c84ed66919e44d324606f5289

  • SHA1

    bc5e12d191b10c721ca0542f30acc480689c6485

  • SHA256

    35e039a66a9affb95d4559db535447a81d2de071708b97f65771ea3a9548f1d9

  • SHA512

    81f5286c50fc3e5263957ed5f90f2c391bb553673a737e725f7d10e9a5eb4a4bf12f1fa198c8d503a9adf609ba806daa1b865f726b0c4adfa77afe68f32c8e2a

  • SSDEEP

    768:aKsrnKiA3crGg1tPh7pY7X7YOQti2u47lF6oQnWC/55rzSp67Q0krNRRuRdFM:hQKp3clHY7RQXF7lF6owWC5tq69mN23C

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      caadd85c84ed66919e44d324606f5289

    • Size

      43KB

    • MD5

      caadd85c84ed66919e44d324606f5289

    • SHA1

      bc5e12d191b10c721ca0542f30acc480689c6485

    • SHA256

      35e039a66a9affb95d4559db535447a81d2de071708b97f65771ea3a9548f1d9

    • SHA512

      81f5286c50fc3e5263957ed5f90f2c391bb553673a737e725f7d10e9a5eb4a4bf12f1fa198c8d503a9adf609ba806daa1b865f726b0c4adfa77afe68f32c8e2a

    • SSDEEP

      768:aKsrnKiA3crGg1tPh7pY7X7YOQti2u47lF6oQnWC/55rzSp67Q0krNRRuRdFM:hQKp3clHY7RQXF7lF6owWC5tq69mN23C

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks