Overview

overview

10

Static

static

8

26401d31ed...3b.xls

windows7-x64

10

26401d31ed...3b.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26401d31ed27c8fd42ae871067fe8c3b

  • Size

    152KB

  • Sample

    230314-kqkfased92

  • MD5

    26401d31ed27c8fd42ae871067fe8c3b

  • SHA1

    f23c570328c6079df65959f6138b263918333c35

  • SHA256

    0ef19c5eef5e530b6c36b4c99fe47bb7e83c3d74ed4341b9deb0707400bf1fb8

  • SHA512

    b50b403099ad8d3d4404a4f23903e34069df0c8b0aa8bbbb87d85fb8bc63e92194bdc0595d882be0c7454fc54179a2e1f075d595b477fe069a4c48279aa8d185

  • SSDEEP

    1536:nhhhyrf3Ljbjhao8UtNGS9hW2ntF0b+CArFtSnthjH9IkeZ95Gh7s1p+3DXCAQCT:4khA+DWVbrzQ7IG2kZYYJyXwuGqQ

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      26401d31ed27c8fd42ae871067fe8c3b

    • Size

      152KB

    • MD5

      26401d31ed27c8fd42ae871067fe8c3b

    • SHA1

      f23c570328c6079df65959f6138b263918333c35

    • SHA256

      0ef19c5eef5e530b6c36b4c99fe47bb7e83c3d74ed4341b9deb0707400bf1fb8

    • SHA512

      b50b403099ad8d3d4404a4f23903e34069df0c8b0aa8bbbb87d85fb8bc63e92194bdc0595d882be0c7454fc54179a2e1f075d595b477fe069a4c48279aa8d185

    • SSDEEP

      1536:nhhhyrf3Ljbjhao8UtNGS9hW2ntF0b+CArFtSnthjH9IkeZ95Gh7s1p+3DXCAQCT:4khA+DWVbrzQ7IG2kZYYJyXwuGqQ

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks