General

  • Target

    apples.xlsx

  • Size

    529KB

  • Sample

    230518-s4vgesch38

  • MD5

    8dbf2e24ad5da6dfbf08fb67d034d312

  • SHA1

    382711cf2cae7ccb533fbf2ba205fe4df635dede

  • SHA256

    b8a748811ac92bd3b8f8b2b4f69a471856f95cdbed3e1883c2ef965ba6623289

  • SHA512

    8bd7e724e98d887d491399a020d9e0128fe8fdcdd05278e4dddb4985e60e3c6cabea9b5f071d34188f4062688723b9495271ddd4642bf8185af96c3b2e686668

  • SSDEEP

    12288:K4QKmjk2n5YMvHi9lWZr/ESVCqknRpW9r:ak7MvC9Er/TKW

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Loads dropped DLL
