General

  • Target: bd96b4b5983953068c1ccc84907cc9f666e1ba959ac053d64cba7609c1fce492.zip
  • Size: 161KB
  • Sample: 230311-tbwpfsad23
  • MD5: df47a56b900dd9f5f4dd95616aba7248
  • SHA1: ba90327f051cdad4c5c6e0e7d89b2ce380750f2e
  • SHA256: bd097638d4b254fd7a72abf767c16cabaa1562219033fd9eced60f30afe7c378
  • SHA512: 1012d09a5a7033316ae257e4d05f702c10cd023f11222ba389245711e6b1108f06b1bc670691b73bb23ff0e7c4cf611c50ea76d4177b819d470c8502ac3b042a
  • SSDEEP: 3072:LtJ9v6zZCgwczs/ByEXmhHAYeU8Rwyw0qR1jufm9FCkw3p0mr8eDnCHcUPdR1UB:JJ9TIgwKwrHSfmJw3p02nCHcUfs

Score: 10/10

Malware Config

Targets

    • Target: bd96b4b5983953068c1ccc84907cc9f666e1ba959ac053d64cba7609c1fce492.xlsx
    • Size: 165KB
    • MD5: 810db3a9e5c7e3166856dc87b793e2d3
    • SHA1: 77609542755928e33ad15c884f04e29aeb3622dc
    • SHA256: bd96b4b5983953068c1ccc84907cc9f666e1ba959ac053d64cba7609c1fce492
    • SHA512: 0d34c05383c92b98844a5d8afe1423bb1cf94321e960aa86313e122c34aee275fd5aa4f5cfd973bb91ac3e7b0a523049a32165aaaf5eef0e7d28a9ecf37527f4
    • SSDEEP: 3072:BfubV/gdFZHLygMa6HNKb3VzH2nIZ3IfTVR90YOMraOHktFGRDlI6/ytscIn99NF:BfyYHhLvMBHNKLVWwm2FMOOHktWI6qIX

    Score: 10/10

    Signatures
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 2
  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks