Overview

overview

10

Static

static

8

cafeb59694...7a.xls

windows7-x64

10

cafeb59694...7a.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cafeb5969425e4392f7c0df31a1f66a254e5654dd9a8143e6c28b8fbf0535a7a

  • Size

    43KB

  • Sample

    240419-bexrtada6y

  • MD5

    8c64f107dd064147dd04ee265eef47c3

  • SHA1

    22ffb010c8a41c9dabb0927bf432fb25bd78d323

  • SHA256

    cafeb5969425e4392f7c0df31a1f66a254e5654dd9a8143e6c28b8fbf0535a7a

  • SHA512

    7122c4e25d372313bff688cacfd5301ea4d02b064ffa7f282e502f9e20c4125232b77ea8786664075e8c327668bd4230b32ca8c40de01d822542ea840e57bf4d

  • SSDEEP

    768:mzmB+k3hOdsylKlgryzc4bNhZFGzE+cL2knAJgRX42AAbXwrlIRbxCca8yfMy3:+k3hOdsylKlgryzc4bNhZFGzE+cL2kn4

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      cafeb5969425e4392f7c0df31a1f66a254e5654dd9a8143e6c28b8fbf0535a7a

    • Size

      43KB

    • MD5

      8c64f107dd064147dd04ee265eef47c3

    • SHA1

      22ffb010c8a41c9dabb0927bf432fb25bd78d323

    • SHA256

      cafeb5969425e4392f7c0df31a1f66a254e5654dd9a8143e6c28b8fbf0535a7a

    • SHA512

      7122c4e25d372313bff688cacfd5301ea4d02b064ffa7f282e502f9e20c4125232b77ea8786664075e8c327668bd4230b32ca8c40de01d822542ea840e57bf4d

    • SSDEEP

      768:mzmB+k3hOdsylKlgryzc4bNhZFGzE+cL2knAJgRX42AAbXwrlIRbxCca8yfMy3:+k3hOdsylKlgryzc4bNhZFGzE+cL2kn4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks