Overview

overview

10

Static

static

8

b8f698741d...a5.xls

windows7-x64

1

b8f698741d...a5.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8f698741d9f31c07e7ebb1daa39bfa5

  • Size

    202KB

  • Sample

    230221-vmmflahe5w

  • MD5

    b8f698741d9f31c07e7ebb1daa39bfa5

  • SHA1

    55e5d94eb879eb08a934ab5ed793423f65ebbfc6

  • SHA256

    8514a32eb374f318d3fbd6889b5bf829ae9d68671413f899f16e83dfe9eb4585

  • SHA512

    b05d6c1bc7e6c64b02e8a53ced330444439a573850b3713addcda8804d7742acf27bd4f88d967da62c4139ee7b0fb62bb6404556b2be91b55e9f42b90176a6b2

  • SSDEEP

    6144:ck3hOdsylKlgryzc4bNhZF+E+W2knDrWfWT:7rSWT

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      b8f698741d9f31c07e7ebb1daa39bfa5

    • Size

      202KB

    • MD5

      b8f698741d9f31c07e7ebb1daa39bfa5

    • SHA1

      55e5d94eb879eb08a934ab5ed793423f65ebbfc6

    • SHA256

      8514a32eb374f318d3fbd6889b5bf829ae9d68671413f899f16e83dfe9eb4585

    • SHA512

      b05d6c1bc7e6c64b02e8a53ced330444439a573850b3713addcda8804d7742acf27bd4f88d967da62c4139ee7b0fb62bb6404556b2be91b55e9f42b90176a6b2

    • SSDEEP

      6144:ck3hOdsylKlgryzc4bNhZF+E+W2knDrWfWT:7rSWT

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks