Overview

overview

10

Static

static

8

884785ce26...7f.xls

windows7-x64

10

884785ce26...7f.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    884785ce26bef74f31b2afc983db927f

  • Size

    290KB

  • Sample

    230221-vnh5kaff37

  • MD5

    884785ce26bef74f31b2afc983db927f

  • SHA1

    dedc5bef64684d44dc6b624fd38ffd9bdd1338b5

  • SHA256

    c0639cd87de0f96d5cd8ba1210393f75bcdaad720d1caad1ec07aaa1a00f0e59

  • SHA512

    91d1149a435863ea64fe965ad182a2460b2efa8504268ad9f41be79da2d459143d5eef7e7086451c31e3d28ecb0819abb2b280843e0710b66c394927f438bbbc

  • SSDEEP

    3072:3/YqBwVA9lwRB1tqvvDSadXnp0EQZyPECdxpHJ8rfVNDTF/2oLwdxE7gXdNnaWCr:PYqBwVADX371d4LofDClHRenJB

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      884785ce26bef74f31b2afc983db927f

    • Size

      290KB

    • MD5

      884785ce26bef74f31b2afc983db927f

    • SHA1

      dedc5bef64684d44dc6b624fd38ffd9bdd1338b5

    • SHA256

      c0639cd87de0f96d5cd8ba1210393f75bcdaad720d1caad1ec07aaa1a00f0e59

    • SHA512

      91d1149a435863ea64fe965ad182a2460b2efa8504268ad9f41be79da2d459143d5eef7e7086451c31e3d28ecb0819abb2b280843e0710b66c394927f438bbbc

    • SSDEEP

      3072:3/YqBwVA9lwRB1tqvvDSadXnp0EQZyPECdxpHJ8rfVNDTF/2oLwdxE7gXdNnaWCr:PYqBwVADX371d4LofDClHRenJB

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks