Overview

overview

10

Static

static

8

a8a1d5735f...cd.xls

windows7-x64

10

a8a1d5735f...cd.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a8a1d5735faa0603a322b2c528a5cdcd

  • Size

    109KB

  • Sample

    230314-ks235aee46

  • MD5

    a8a1d5735faa0603a322b2c528a5cdcd

  • SHA1

    87a37d551b2e8b1e8e908d343d3a3f2c3b42761e

  • SHA256

    29f97fb8c1cdaac359eca129a32a2eb8b6d5e316688a45013612a5cfa2fd7fea

  • SHA512

    d83050bd1a3e98805bdd875b11a81a74238d2387bc6c93c94dd6ed7c380eaf24d58b0a2ecd4dad7785da340338de8da7244cb804bf36b938e23340d304d307de

  • SSDEEP

    3072:Tck3hOdsylKlgryzc4bNhZFGzE+cL/gE42jcc0lbxOG7JtXwyy3K1KxyT:Tck3hOdsylKlgryzc4bNhZF+E+W/gEo0

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      a8a1d5735faa0603a322b2c528a5cdcd

    • Size

      109KB

    • MD5

      a8a1d5735faa0603a322b2c528a5cdcd

    • SHA1

      87a37d551b2e8b1e8e908d343d3a3f2c3b42761e

    • SHA256

      29f97fb8c1cdaac359eca129a32a2eb8b6d5e316688a45013612a5cfa2fd7fea

    • SHA512

      d83050bd1a3e98805bdd875b11a81a74238d2387bc6c93c94dd6ed7c380eaf24d58b0a2ecd4dad7785da340338de8da7244cb804bf36b938e23340d304d307de

    • SSDEEP

      3072:Tck3hOdsylKlgryzc4bNhZFGzE+cL/gE42jcc0lbxOG7JtXwyy3K1KxyT:Tck3hOdsylKlgryzc4bNhZF+E+W/gEo0

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks