Overview

overview

10

Static

static

8

cedd36e2e5...a4.xls

windows7-x64

10

cedd36e2e5...a4.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cedd36e2e5aab29e20676efb202f22a4

  • Size

    106KB

  • Sample

    230314-ksm9zage6w

  • MD5

    cedd36e2e5aab29e20676efb202f22a4

  • SHA1

    1ab96ff665d27fe1f93f5522f682cffabe525e7a

  • SHA256

    9886a208fe165a919df8d7846257b446998ce033168a932a6f416abcd3c24f0c

  • SHA512

    354e973ea565de2f722088210401c3ab49b44eb4be8d371d0a7a4cb955f0dbef4f55eaba39a3ee46070d4d936050a1d3f23d49760be064478b9b28b25e97f92c

  • SSDEEP

    1536:d7WWWPio382UrjOKHbrzZ37LgP9xZ95NZh0WVbrz5z7ITkiD2g/LUcJtXweCv4EV:tWVbrzt7ITkDAXJtXwfv4DM

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      cedd36e2e5aab29e20676efb202f22a4

    • Size

      106KB

    • MD5

      cedd36e2e5aab29e20676efb202f22a4

    • SHA1

      1ab96ff665d27fe1f93f5522f682cffabe525e7a

    • SHA256

      9886a208fe165a919df8d7846257b446998ce033168a932a6f416abcd3c24f0c

    • SHA512

      354e973ea565de2f722088210401c3ab49b44eb4be8d371d0a7a4cb955f0dbef4f55eaba39a3ee46070d4d936050a1d3f23d49760be064478b9b28b25e97f92c

    • SSDEEP

      1536:d7WWWPio382UrjOKHbrzZ37LgP9xZ95NZh0WVbrz5z7ITkiD2g/LUcJtXweCv4EV:tWVbrzt7ITkDAXJtXwfv4DM

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks