3a542a37153a44e0f77531e7a1cb7ae5bf66fa99b230725203e21c1e429aec05 | Triage

Sharing

General

Target

b0842386458e1ab3d1de1845b7986fde
Size

2.0MB
Sample

240303-12khfaad98
MD5

b0842386458e1ab3d1de1845b7986fde
SHA1

56af74698678056f8c8c560d5221568f789ef960
SHA256

3a542a37153a44e0f77531e7a1cb7ae5bf66fa99b230725203e21c1e429aec05
SHA512

90e8e4f9dc3f0433a577ed6d453c98344fbf29b3929b0b322c33db9b02f0ae1b5bbca92f3a12c6e7acff5aefdb5b746efafd75432ba7e6d1aadad745b3be1bdd
SSDEEP

49152:HYuS+plEjJxkECGYLVZSL1DzbJ3AMPLtT3FN:4uSSujJkHS1DzV393N

Score

10^/10

macro xlm

Malware Config

Targets

- Target
  
  9月资金预算--QQ直接接收/审计监察部-9月份资金预算表.xls
- Size
  
  90KB
- MD5
  
  38219bfab8105d1fe4f391d6bd997c09
- SHA1
  
  dd3c17374785fc221f49e9aad27cc10cf6062cdc
- SHA256
  
  305df41bb495e599dea0c34da518a2e72b9d26ce2c166efa44bcab3e84bb15ef
- SHA512
  
  2b0cc4cb72a6ad528e68f63d9b06d20feccc217a4961b4085f09d6605a6e57d6d2bbd4bed38876c5201f1492e1f33935791adfdc078f7ba58237f05ead9837b5
- SSDEEP
  
  1536:buuuzJQS8tV8e1svcPkQbHCmOeqi1LaJdmYqCHKHnWEWFLWVbrzQ7ITkVID2lnkE:LkHsWlWVbrzQ7ITkHqpEKJtXwIW
Score

1^/10
behavioral1 behavioral2
- Target
  
  曹/关于上报资金预算的通知2012.8.27/关于上报资金预算的通知.docx
- Size
  
  14KB
- MD5
  
  e779f4e7791bce7de295ebfc128f55a3
- SHA1
  
  620d40d3b3087057867d26aed37c4410e1d3237a
- SHA256
  
  3a2ff5350320b921c4f2d310018aa47ad41f5efc3f97cf07967b017ccf60bec4
- SHA512
  
  6f86065c6e256a5dcfd3e2691558339298f0f1c62024f564c994edc228eb21ddc83944798798dd8b33b4370af35bbe1110cb39517689c698dcec007081598a4c
- SSDEEP
  
  192:imNpebcjeNWKRtZ+z8fjX1RBwAEwfmfSaSEV3+/kSmo14tVi4RXvDPG+DpFi:TwRRHjZwAjub08eKtVvRbPGGXi
Score

4^/10
behavioral3 behavioral4
- Target
  
  曹/关于上报资金预算的通知2012.8.27/陕西北元化工集团有限公司资金预算表.xls
- Size
  
  101KB
- MD5
  
  5b8ffceac042494426316fb170a12030
- SHA1
  
  bac38074911fee53b9715a126e726ef2d15c77bb
- SHA256
  
  7b1684db4e386993a42d814561274f98d9ca1a1c16ca5dacc9f36554c07a90af
- SHA512
  
  d412677266317969e8ea097793d6eb77b7be3e80f23b75d729c1ccebb7c3e513e6d250bedb8eb896396ba6978506b58188449612fb9e0b5a8064aee1d85c1248
- SSDEEP
  
  1536:EuuuzJQS8tV8e1svcPkQbHCmOeqiF7aJ8mYqCzKHpoywHWVbrzQ7ITkFCNwwA2tV:GJzny8WVbrzQ7ITkku2VJtXw7e
Score

1^/10
behavioral5 behavioral6
- Target
  
  曹/新型煤化工调研表（北元化工）.xls
- Size
  
  108KB
- MD5
  
  7a6a6082abf0cbc5d3ea006b9f0c5897
- SHA1
  
  e78b0d6bd93f8e91e7e721d598f89d70870aa033
- SHA256
  
  fe4b9bf7a264eeeb984bc12f2e3c66eaea0b7ac052ec4f32516268aa73b3172f
- SHA512
  
  16fabb6c2bb3dbbe5d6b0defd63cead3e79fa13c00313540bc59458d29461c26c922eccce32c08b3651867c6031cc4fda76de82b24e3f42c32d206e8ba0c63ba
- SSDEEP
  
  3072:OD0l6Nc7yRzs1H75wkZUgsQ6NqTBun5o5PxWVbrzQ7I3kZYjhJtXwXK:vl6Nc7yRzs1H75wkZUgsQ6NqTBun5oBk
Score

10^/10

macro xlm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Deletes itself
behavioral7 behavioral8
- Target
  
  曹/资金调度、资金结算上线指引_20120516.doc
- Size
  
  311KB
- MD5
  
  dc54d018fd87216b162c0b81a74230db
- SHA1
  
  fd2088ac235fb4c56088967ae0efd42c480fbe69
- SHA256
  
  1e0e305e40a5efbb9aa30e2c6191dbcfd50363e595da066aa07f93a8a1190bd6
- SHA512
  
  d06eff4d06175a45d5517f9fbab7c0b31f758e8a9a66b037cacea2fabbb412de46607d7af9ecd8bcc3d73caa46299fa6b0ffdb011fca8493a91657439060014f
- SSDEEP
  
  6144:Aoatrf5aTbfK+hxxuj6dsd+GkzMdG08oGpeGnzVxh/Q7ID/SeW:AndgTO+Zu4sd+AGZX1xxJQ7IzSZ
Score

4^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10