Overview

overview

10

Static

static

8

132443f317...89.xls

windows7-x64

10

132443f317...89.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    132443f317e2b5672e93fc4ca2e4d089

  • Size

    162KB

  • Sample

    230221-vmsbvahe5z

  • MD5

    132443f317e2b5672e93fc4ca2e4d089

  • SHA1

    9ba076736a67a14bd2fc51be8f1c5f9458b4441a

  • SHA256

    9aa86f70e9461f042670f690244e0625acf6227fb8f7f4f77513c76cc33c241d

  • SHA512

    d148572fd6d8fe319e76eb244c80080051dc22ad78e38244fdc8658cc52d46ef20386e81bb048a6617318ef54be7f018459119bbb61729e245743b059b19e794

  • SSDEEP

    1536:t7777P6j+WNrJl1OI0/OnuNq5ReU2jcc0lbxOvTgZjQ03L3FFcJtXw+Hhyk:g9rJpX2jcc0lbxOr103L3FOJtXw2gk

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      132443f317e2b5672e93fc4ca2e4d089

    • Size

      162KB

    • MD5

      132443f317e2b5672e93fc4ca2e4d089

    • SHA1

      9ba076736a67a14bd2fc51be8f1c5f9458b4441a

    • SHA256

      9aa86f70e9461f042670f690244e0625acf6227fb8f7f4f77513c76cc33c241d

    • SHA512

      d148572fd6d8fe319e76eb244c80080051dc22ad78e38244fdc8658cc52d46ef20386e81bb048a6617318ef54be7f018459119bbb61729e245743b059b19e794

    • SSDEEP

      1536:t7777P6j+WNrJl1OI0/OnuNq5ReU2jcc0lbxOvTgZjQ03L3FFcJtXw+Hhyk:g9rJpX2jcc0lbxOr103L3FOJtXw2gk

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks