Overview

overview

10

Static

static

8

f777c0ad0c...ae.xls

windows7-x64

10

f777c0ad0c...ae.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f777c0ad0c7371908442e6f5726fc6ae

  • Size

    95KB

  • Sample

    230221-vnfdnshe7w

  • MD5

    f777c0ad0c7371908442e6f5726fc6ae

  • SHA1

    29dec732d3f9ac79e3c860143931ba0622e6661d

  • SHA256

    0cace3f45c019a0bbae0397e6b48969daae13b6aa962936c7d605d85c0228c0e

  • SHA512

    4f89d0febfc4f63d541169d3032f7114d9c6d1609971c22614b81c7204f19b67a98445c6f8617c37eddc3f01b9420a281c296b38b94d7bd3f37025bdc9b659f8

  • SSDEEP

    1536:V////+C6rsLj9a/rApgb0OF1x1Z95rJs48ahZc2jcc0lbxOvTgfNCnU/WwF10DnS:2ta2jcc0lbxOraSWcnS

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      f777c0ad0c7371908442e6f5726fc6ae

    • Size

      95KB

    • MD5

      f777c0ad0c7371908442e6f5726fc6ae

    • SHA1

      29dec732d3f9ac79e3c860143931ba0622e6661d

    • SHA256

      0cace3f45c019a0bbae0397e6b48969daae13b6aa962936c7d605d85c0228c0e

    • SHA512

      4f89d0febfc4f63d541169d3032f7114d9c6d1609971c22614b81c7204f19b67a98445c6f8617c37eddc3f01b9420a281c296b38b94d7bd3f37025bdc9b659f8

    • SSDEEP

      1536:V////+C6rsLj9a/rApgb0OF1x1Z95rJs48ahZc2jcc0lbxOvTgfNCnU/WwF10DnS:2ta2jcc0lbxOraSWcnS

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks