Overview

overview

10

Static

static

8

dd46126dee...4d.xls

windows7-x64

10

dd46126dee...4d.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd46126deeb7dc99dbb2db55daec084d

  • Size

    163KB

  • Sample

    230301-hs47daef3z

  • MD5

    dd46126deeb7dc99dbb2db55daec084d

  • SHA1

    d402935dcbd2b7affde154c39db15769d5e85e66

  • SHA256

    e081efd412d487820510df39c4b5047e99ac985838da2966d2588eaa89550303

  • SHA512

    55b47fc40aae1be76001cb1ec0fd95fec2dcd32068b416dd4987bcd3b6e89817082a4708403fffcf4f716a2ec04e3d979a3a5117f7c62b4e97c8a84ffd9a9f71

  • SSDEEP

    3072:fLk3hOdsylKlgryzc4bNhZFGzE+cL/gEW/99LoOglgAQoNRKEeJtXwgbwHkRyT:fLk3hOdsylKlgryzc4bNhZF+E+W/gEWx

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      dd46126deeb7dc99dbb2db55daec084d

    • Size

      163KB

    • MD5

      dd46126deeb7dc99dbb2db55daec084d

    • SHA1

      d402935dcbd2b7affde154c39db15769d5e85e66

    • SHA256

      e081efd412d487820510df39c4b5047e99ac985838da2966d2588eaa89550303

    • SHA512

      55b47fc40aae1be76001cb1ec0fd95fec2dcd32068b416dd4987bcd3b6e89817082a4708403fffcf4f716a2ec04e3d979a3a5117f7c62b4e97c8a84ffd9a9f71

    • SSDEEP

      3072:fLk3hOdsylKlgryzc4bNhZFGzE+cL/gEW/99LoOglgAQoNRKEeJtXwgbwHkRyT:fLk3hOdsylKlgryzc4bNhZF+E+W/gEWx

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks