Overview

overview

10

Static

static

8

26f25ad7bc...f0.xls

windows7-x64

10

26f25ad7bc...f0.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26f25ad7bc69fc6df7c99908f70f90f0

  • Size

    124KB

  • Sample

    230301-hs8jssfa44

  • MD5

    26f25ad7bc69fc6df7c99908f70f90f0

  • SHA1

    a083d8ef9b6ce48fe3aa8ac5b11d98f5fbc071db

  • SHA256

    36b4f9e7e9b86e737ea2f3d828d1109f7cd5b274791419ea287ca69ab6c8f620

  • SHA512

    d959c5c4e81fed1b3c3c83bb09cca53219ac4390558c3786913453cfd10476ca2c2edee61bcbd6f87048a3be1cec7fd02660e48ce41f703dd6587e03d61b2138

  • SSDEEP

    1536:E8888JRwNkYUu5oAeIMIX7Ltr4tDwv/ZeWJ8QobrzQ7ITkR62gbB8oCcJtXwyovO:/teWCzbrzQ7ITk96vRJtXw5v4/8vy

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      26f25ad7bc69fc6df7c99908f70f90f0

    • Size

      124KB

    • MD5

      26f25ad7bc69fc6df7c99908f70f90f0

    • SHA1

      a083d8ef9b6ce48fe3aa8ac5b11d98f5fbc071db

    • SHA256

      36b4f9e7e9b86e737ea2f3d828d1109f7cd5b274791419ea287ca69ab6c8f620

    • SHA512

      d959c5c4e81fed1b3c3c83bb09cca53219ac4390558c3786913453cfd10476ca2c2edee61bcbd6f87048a3be1cec7fd02660e48ce41f703dd6587e03d61b2138

    • SSDEEP

      1536:E8888JRwNkYUu5oAeIMIX7Ltr4tDwv/ZeWJ8QobrzQ7ITkR62gbB8oCcJtXwyovO:/teWCzbrzQ7ITk96vRJtXw5v4/8vy

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks