Overview

overview

10

Static

static

8

f45c8da11d...97.xls

windows7-x64

10

f45c8da11d...97.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f45c8da11da80d1fa97f94178dc45597

  • Size

    118KB

  • Sample

    230301-hvflssef7s

  • MD5

    f45c8da11da80d1fa97f94178dc45597

  • SHA1

    8b8151d747daf38f68ab5951df07802d669a89e2

  • SHA256

    6ddaa16fb1e813a34f8872b60ef183459c389d4936e22a5215023252c5c8f7ca

  • SHA512

    eb925a16a32cd88d61f5b4ff91d3a7c6347d890cce78a6043a92461aedfa044b4e38aebd241f0a899c93ab0cfeb025e511b19bf0ca2538cadd263e1e0f9315ea

  • SSDEEP

    3072:4k3hOdsylKlgryzc4bNhZFGzE+cL2kntRrO2jcc0lbxOGl3auYKAYKxyT:4k3hOdsylKlgryzc4bNhZF+E+W2knfrH

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      f45c8da11da80d1fa97f94178dc45597

    • Size

      118KB

    • MD5

      f45c8da11da80d1fa97f94178dc45597

    • SHA1

      8b8151d747daf38f68ab5951df07802d669a89e2

    • SHA256

      6ddaa16fb1e813a34f8872b60ef183459c389d4936e22a5215023252c5c8f7ca

    • SHA512

      eb925a16a32cd88d61f5b4ff91d3a7c6347d890cce78a6043a92461aedfa044b4e38aebd241f0a899c93ab0cfeb025e511b19bf0ca2538cadd263e1e0f9315ea

    • SSDEEP

      3072:4k3hOdsylKlgryzc4bNhZFGzE+cL2kntRrO2jcc0lbxOGl3auYKAYKxyT:4k3hOdsylKlgryzc4bNhZF+E+W2knfrH

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks