Overview

overview

10

Static

static

8

7c5eebe30a...f5.xls

windows7-x64

10

7c5eebe30a...f5.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c5eebe30a2349b2c5896266be7601f5

  • Size

    105KB

  • Sample

    230314-kv19lsge8v

  • MD5

    7c5eebe30a2349b2c5896266be7601f5

  • SHA1

    5d4f3ed55514a3b0034b4add2377855c713daff6

  • SHA256

    6da8616653f52c3f105051e53e4a6f69e0164407be32b6ec129d03c625436aac

  • SHA512

    8714b1e227611213c30a0d196ba95e8580c9860e1a5b13beda2306a90795539f6b5f226d8d37c6cdbf202be729aba35b8c9cabf33bf77f3781933132f5df5a05

  • SSDEEP

    1536:XQQQWh8teVQczsQ8PzS1bLvJkqeUuymWbu+Uv2jcc0lbxOrqolV1cJtXwDBjbVXG:vuyq2jcc0lbxOG0+JtXwtjbHLTxyT

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      7c5eebe30a2349b2c5896266be7601f5

    • Size

      105KB

    • MD5

      7c5eebe30a2349b2c5896266be7601f5

    • SHA1

      5d4f3ed55514a3b0034b4add2377855c713daff6

    • SHA256

      6da8616653f52c3f105051e53e4a6f69e0164407be32b6ec129d03c625436aac

    • SHA512

      8714b1e227611213c30a0d196ba95e8580c9860e1a5b13beda2306a90795539f6b5f226d8d37c6cdbf202be729aba35b8c9cabf33bf77f3781933132f5df5a05

    • SSDEEP

      1536:XQQQWh8teVQczsQ8PzS1bLvJkqeUuymWbu+Uv2jcc0lbxOrqolV1cJtXwDBjbVXG:vuyq2jcc0lbxOG0+JtXwtjbHLTxyT

    Score
    10/10
    macroxlm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks