Overview

overview

10

Static

static

1

614ec7aa34...c3.xls

windows7-x64

10

614ec7aa34...c3.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    614ec7aa347ff02d2e7a059078ea6ec3

  • Size

    132KB

  • Sample

    230308-h1bj2aeb3s

  • MD5

    614ec7aa347ff02d2e7a059078ea6ec3

  • SHA1

    d1cdfb691315dfebe4ec37c1bd4f9aedfe5b5f34

  • SHA256

    530545a21c50dcdadea990696e4b06566ba55eb92afbbdb4861e71b71cb0bf6e

  • SHA512

    9403aaeb0f38ccc980dbf633873aa3ac557128bd6749ed87cf509329bab745f228cb967d385573d938294449216ec8d0eeef0c9e445de97a1cea7f16a8d3edb6

  • SSDEEP

    3072:eFv9iAkA7WVbrzB7ITkDZ2AJtXwQMQD4:8v9i6N2yy4

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      614ec7aa347ff02d2e7a059078ea6ec3

    • Size

      132KB

    • MD5

      614ec7aa347ff02d2e7a059078ea6ec3

    • SHA1

      d1cdfb691315dfebe4ec37c1bd4f9aedfe5b5f34

    • SHA256

      530545a21c50dcdadea990696e4b06566ba55eb92afbbdb4861e71b71cb0bf6e

    • SHA512

      9403aaeb0f38ccc980dbf633873aa3ac557128bd6749ed87cf509329bab745f228cb967d385573d938294449216ec8d0eeef0c9e445de97a1cea7f16a8d3edb6

    • SSDEEP

      3072:eFv9iAkA7WVbrzB7ITkDZ2AJtXwQMQD4:8v9i6N2yy4

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks