Overview

overview

10

Static

static

8

b395b84b23...1c.xls

windows7-x64

10

b395b84b23...1c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b395b84b23403706e39d8b808c9a7a1c

  • Size

    152KB

  • Sample

    230314-kqgpeage3v

  • MD5

    b395b84b23403706e39d8b808c9a7a1c

  • SHA1

    551ce11c1c9c46b47d9a0f6c3d56d0211281d523

  • SHA256

    1c5e76b2a12ef951c8afbe1cc48753cbfe339f8a746f1d2357e7fc5c9e27ff03

  • SHA512

    1dfac0039ff6e8394849cf30d2b27e5565c26040ce33efe50d88dba15cc4c351814951acf0ebdc6e6ab12ac2862d40e9eddc369d202087fb3419bbb828e3b502

  • SSDEEP

    1536:Yhhhyrf3Ljbjhao8UtNGS9hW2ntF0b+CArFtSnthjH9IkeZ95Gh7s1p+3DXCAQCT:TkhA+DWVbrzQ7IG2kZYYJyXwuGqQ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      b395b84b23403706e39d8b808c9a7a1c

    • Size

      152KB

    • MD5

      b395b84b23403706e39d8b808c9a7a1c

    • SHA1

      551ce11c1c9c46b47d9a0f6c3d56d0211281d523

    • SHA256

      1c5e76b2a12ef951c8afbe1cc48753cbfe339f8a746f1d2357e7fc5c9e27ff03

    • SHA512

      1dfac0039ff6e8394849cf30d2b27e5565c26040ce33efe50d88dba15cc4c351814951acf0ebdc6e6ab12ac2862d40e9eddc369d202087fb3419bbb828e3b502

    • SSDEEP

      1536:Yhhhyrf3Ljbjhao8UtNGS9hW2ntF0b+CArFtSnthjH9IkeZ95Gh7s1p+3DXCAQCT:TkhA+DWVbrzQ7IG2kZYYJyXwuGqQ

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks