Overview

overview

10

Static

static

8

e4b272b64e...68.xls

windows7-x64

10

e4b272b64e...68.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e4b272b64e21ab3f62479372b7466e68f81114e5b3e7b7479b7a0472580a2e68

  • Size

    43KB

  • Sample

    240419-bd45hada4x

  • MD5

    d9464ee377d39336b2d7e67d5ea1817f

  • SHA1

    2b1fa3902f353209be180191dee90a984e1ba0a9

  • SHA256

    e4b272b64e21ab3f62479372b7466e68f81114e5b3e7b7479b7a0472580a2e68

  • SHA512

    a261e2a9fc7ab0f5fe905621a6fa0f3a94179fa4e8cd40d24396e2d25f519f701e48c5d3c0773413e6e07cb8fa06f0cfe7524d218b3d1469f55cc1adbf881a27

  • SSDEEP

    768:mzmB+k3hOdsylKlgryzc4bNhZFGzE+cL2knAJgRX42AAbXwrlIRbxCca8yfMy:+k3hOdsylKlgryzc4bNhZFGzE+cL2kno

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      e4b272b64e21ab3f62479372b7466e68f81114e5b3e7b7479b7a0472580a2e68

    • Size

      43KB

    • MD5

      d9464ee377d39336b2d7e67d5ea1817f

    • SHA1

      2b1fa3902f353209be180191dee90a984e1ba0a9

    • SHA256

      e4b272b64e21ab3f62479372b7466e68f81114e5b3e7b7479b7a0472580a2e68

    • SHA512

      a261e2a9fc7ab0f5fe905621a6fa0f3a94179fa4e8cd40d24396e2d25f519f701e48c5d3c0773413e6e07cb8fa06f0cfe7524d218b3d1469f55cc1adbf881a27

    • SSDEEP

      768:mzmB+k3hOdsylKlgryzc4bNhZFGzE+cL2knAJgRX42AAbXwrlIRbxCca8yfMy:+k3hOdsylKlgryzc4bNhZFGzE+cL2kno

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks