Overview

overview

10

Static

static

8

735aa405e9...fb.xls

windows7-x64

10

735aa405e9...fb.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    735aa405e95d883e8b12a8c0638335fb

  • Size

    91KB

  • Sample

    230314-kr61page5x

  • MD5

    735aa405e95d883e8b12a8c0638335fb

  • SHA1

    9ff47b86cf0dfda2eef7846187aea2d1126f484f

  • SHA256

    901b7df04ea86f839f969a3428ad95321a04b23868a170396f641a836a317388

  • SHA512

    2b35b7931ce765709cc78b2ffef52ff6c5454a511be5faae1cf0d7533d9e64ddf3a34efda45f8b0e34db3c8f03fe33544d8708c9de7c4f2563b97964df382ef9

  • SSDEEP

    1536:8zzzCDuTXZ+GPerCBC8Oly6IDKuwZ952ldWzWVbrzQ7IE3CDkQx2Y3q8pyJtXwtb:sQWVbrzQ7IEyDk3f80JtXwte6f

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      735aa405e95d883e8b12a8c0638335fb

    • Size

      91KB

    • MD5

      735aa405e95d883e8b12a8c0638335fb

    • SHA1

      9ff47b86cf0dfda2eef7846187aea2d1126f484f

    • SHA256

      901b7df04ea86f839f969a3428ad95321a04b23868a170396f641a836a317388

    • SHA512

      2b35b7931ce765709cc78b2ffef52ff6c5454a511be5faae1cf0d7533d9e64ddf3a34efda45f8b0e34db3c8f03fe33544d8708c9de7c4f2563b97964df382ef9

    • SSDEEP

      1536:8zzzCDuTXZ+GPerCBC8Oly6IDKuwZ952ldWzWVbrzQ7IE3CDkQx2Y3q8pyJtXwtb:sQWVbrzQ7IEyDk3f80JtXwte6f

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks