Overview

overview

10

Static

static

8

29272fc78e...95.xls

windows7-x64

10

29272fc78e...95.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29272fc78e6a76e500ee245451387695

  • Size

    102KB

  • Sample

    230221-vncyjshe7t

  • MD5

    29272fc78e6a76e500ee245451387695

  • SHA1

    9cfb47278860a189c09b990be13857e782fb02fc

  • SHA256

    dc6db9eb67f03f8e0136a3058182aaab4ccd861fc6bb42fb12d37c8766e885ad

  • SHA512

    b378953421d1b6f1aa88d1b9b48db70cbc9ac63bbe977fc6830ce20bf7f385310e7e615f35f093614ea151fa40ed8c8355cec58ce381aa354f4ca1e38eb2a23e

  • SSDEEP

    1536:TCQQQQVqayzJtV8cbsQvPe8k1GYriqwzVr+2jcc0lbxOrqoJ/WwF1b957K8NAEKW:TFYmq/2jcc0lbxOGuB57XAEKxyT

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      29272fc78e6a76e500ee245451387695

    • Size

      102KB

    • MD5

      29272fc78e6a76e500ee245451387695

    • SHA1

      9cfb47278860a189c09b990be13857e782fb02fc

    • SHA256

      dc6db9eb67f03f8e0136a3058182aaab4ccd861fc6bb42fb12d37c8766e885ad

    • SHA512

      b378953421d1b6f1aa88d1b9b48db70cbc9ac63bbe977fc6830ce20bf7f385310e7e615f35f093614ea151fa40ed8c8355cec58ce381aa354f4ca1e38eb2a23e

    • SSDEEP

      1536:TCQQQQVqayzJtV8cbsQvPe8k1GYriqwzVr+2jcc0lbxOrqoJ/WwF1b957K8NAEKW:TFYmq/2jcc0lbxOGuB57XAEKxyT

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks