Overview

overview

10

Static

static

8

a44b04ea74...57.xls

windows7-x64

10

a44b04ea74...57.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a44b04ea74ac3156d667da64693ebf57

  • Size

    118KB

  • Sample

    230221-vpjsgshe9w

  • MD5

    a44b04ea74ac3156d667da64693ebf57

  • SHA1

    2f24294b87e17f6ff7eb4c9432f3b461880d2cd8

  • SHA256

    6f2113e5ae7b033e9fe7fffa366fd2fe78bff167ad990ce88b304bd2ab739a22

  • SHA512

    c13920a2feac718a247cd46404ae07fc8061a3036fbf363a3090a62ed43a1ecfbb54a6fcddc8558c66317224585de519be2870d06642e7f92246fe53f3277ea2

  • SSDEEP

    3072:FkxEtjPOtioVjDGUU1qfDlaGGx+cLYIxApJy2jcc0lbxOw7gHJtXwD1gDyYjxyT:axEtjPOtioVjDGUU1qfDlavx+WYIxApL

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a44b04ea74ac3156d667da64693ebf57

    • Size

      118KB

    • MD5

      a44b04ea74ac3156d667da64693ebf57

    • SHA1

      2f24294b87e17f6ff7eb4c9432f3b461880d2cd8

    • SHA256

      6f2113e5ae7b033e9fe7fffa366fd2fe78bff167ad990ce88b304bd2ab739a22

    • SHA512

      c13920a2feac718a247cd46404ae07fc8061a3036fbf363a3090a62ed43a1ecfbb54a6fcddc8558c66317224585de519be2870d06642e7f92246fe53f3277ea2

    • SSDEEP

      3072:FkxEtjPOtioVjDGUU1qfDlaGGx+cLYIxApJy2jcc0lbxOw7gHJtXwD1gDyYjxyT:axEtjPOtioVjDGUU1qfDlavx+WYIxApL

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks