Overview

overview

10

Static

static

8

98101bd92c...78.xls

windows7-x64

10

98101bd92c...78.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    98101bd92ceabfc2480c3c46e11daa78

  • Size

    133KB

  • Sample

    230308-hz84xaeb2z

  • MD5

    98101bd92ceabfc2480c3c46e11daa78

  • SHA1

    698368b0b404b50535eba8822920af89db589c32

  • SHA256

    2f59a965be50904310224b119cc576583edea798ea63439c0f79154f07ade6b8

  • SHA512

    6b2daff3203e665e05a1a290d28a75a9c005a57f3362460fa2c77636cdd330afb17f062a68cec9978cd5bfafa70f34de5151c50dfea4b053c6f8a3cd9ecfe03f

  • SSDEEP

    3072:NEKsv9dAVAboglgAQ3NRKcjJtXwdXjhZd6ad:4v9d5um

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      98101bd92ceabfc2480c3c46e11daa78

    • Size

      133KB

    • MD5

      98101bd92ceabfc2480c3c46e11daa78

    • SHA1

      698368b0b404b50535eba8822920af89db589c32

    • SHA256

      2f59a965be50904310224b119cc576583edea798ea63439c0f79154f07ade6b8

    • SHA512

      6b2daff3203e665e05a1a290d28a75a9c005a57f3362460fa2c77636cdd330afb17f062a68cec9978cd5bfafa70f34de5151c50dfea4b053c6f8a3cd9ecfe03f

    • SSDEEP

      3072:NEKsv9dAVAboglgAQ3NRKcjJtXwdXjhZd6ad:4v9d5um

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks