Overview

overview

10

Static

static

8

49c38e6cc1...7c.xls

windows7-x64

10

49c38e6cc1...7c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49c38e6cc17cd73a17de5d7b3d09767c

  • Size

    133KB

  • Sample

    230301-hs61zafa43

  • MD5

    49c38e6cc17cd73a17de5d7b3d09767c

  • SHA1

    96becc6802368a7c66c8f447d70daea339c74191

  • SHA256

    53081b1b7431572022393dfc8239f929c80e3b4bb3fef81bca4aa1e2403c0ac8

  • SHA512

    f5f58790bc60bbcd71e44389f5ec7b955af0be58bec04bc373b50baa774eaa6016952f4adcc531bb018e5b9e13b1060bd49cad1d8b60bc05218526d5080a6f46

  • SSDEEP

    3072:gLk3hOdsylKlgryzc4bNhZFGzE+cL/gEWhdL22jcc0lbxOGTJtXwG/0pkRyT:gLk3hOdsylKlgryzc4bNhZF+E+W/gEWy

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      49c38e6cc17cd73a17de5d7b3d09767c

    • Size

      133KB

    • MD5

      49c38e6cc17cd73a17de5d7b3d09767c

    • SHA1

      96becc6802368a7c66c8f447d70daea339c74191

    • SHA256

      53081b1b7431572022393dfc8239f929c80e3b4bb3fef81bca4aa1e2403c0ac8

    • SHA512

      f5f58790bc60bbcd71e44389f5ec7b955af0be58bec04bc373b50baa774eaa6016952f4adcc531bb018e5b9e13b1060bd49cad1d8b60bc05218526d5080a6f46

    • SSDEEP

      3072:gLk3hOdsylKlgryzc4bNhZFGzE+cL/gEWhdL22jcc0lbxOGTJtXwG/0pkRyT:gLk3hOdsylKlgryzc4bNhZF+E+W/gEWy

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks