Overview

overview

10

Static

static

8

2af7bb3726...7b.xls

windows7-x64

10

2af7bb3726...7b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2af7bb3726176cc28a706e4b6cd4607b

  • Size

    91KB

  • Sample

    230301-hvkkrafa76

  • MD5

    2af7bb3726176cc28a706e4b6cd4607b

  • SHA1

    39dd2badc3f057eb3fc2399ec5ab57fdefdc7e42

  • SHA256

    a746faf924a19b87adca7898a1591dcf3c6b663421708b9160eeead6c2253799

  • SHA512

    19b8295a72159e605729a7bc760257b5cb630f0dd41bcf7859c6e14c41803fdccddad5f13c9aaef300059a39fcc24951627b685d5db3ca3356283b7759c2726b

  • SSDEEP

    1536:97777PDcdR9gt2ji2jcc0lbxOqTgZfcfreLWt2XKhgB+:aGl2jcc0lbxOKJjSag+

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      2af7bb3726176cc28a706e4b6cd4607b

    • Size

      91KB

    • MD5

      2af7bb3726176cc28a706e4b6cd4607b

    • SHA1

      39dd2badc3f057eb3fc2399ec5ab57fdefdc7e42

    • SHA256

      a746faf924a19b87adca7898a1591dcf3c6b663421708b9160eeead6c2253799

    • SHA512

      19b8295a72159e605729a7bc760257b5cb630f0dd41bcf7859c6e14c41803fdccddad5f13c9aaef300059a39fcc24951627b685d5db3ca3356283b7759c2726b

    • SSDEEP

      1536:97777PDcdR9gt2ji2jcc0lbxOqTgZfcfreLWt2XKhgB+:aGl2jcc0lbxOKJjSag+

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks