Overview

overview

10

Static

static

8

407c0bb212...d8.xls

windows7-x64

10

407c0bb212...d8.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    407c0bb21288370cc47eec78055558d23b6cb9ee586dfde38fcf7d282819cad8

  • Size

    65KB

  • Sample

    240419-cvkb4afc31

  • MD5

    0261ba9ea73217b3a53f80d78958964f

  • SHA1

    a3ddbe5ba69e4ce8a9e634b9ea21a9fe4da7bd11

  • SHA256

    407c0bb21288370cc47eec78055558d23b6cb9ee586dfde38fcf7d282819cad8

  • SHA512

    47b14069ac3854a2660cb58c98e170dd8b6b81c268bca46dc1984929962964942e9a3498c69345f0455d1c8a768fa6044a45240b98e9303c299e4a2400a4f4f0

  • SSDEEP

    1536:wnSGTyFRchUXmdand4NhZFGzElMPAArCAqxHshAp+TuxM+cu/gPnAC:wnSGTyFRchUXmdand4NhZFGzElMPAAr5

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      407c0bb21288370cc47eec78055558d23b6cb9ee586dfde38fcf7d282819cad8

    • Size

      65KB

    • MD5

      0261ba9ea73217b3a53f80d78958964f

    • SHA1

      a3ddbe5ba69e4ce8a9e634b9ea21a9fe4da7bd11

    • SHA256

      407c0bb21288370cc47eec78055558d23b6cb9ee586dfde38fcf7d282819cad8

    • SHA512

      47b14069ac3854a2660cb58c98e170dd8b6b81c268bca46dc1984929962964942e9a3498c69345f0455d1c8a768fa6044a45240b98e9303c299e4a2400a4f4f0

    • SSDEEP

      1536:wnSGTyFRchUXmdand4NhZFGzElMPAArCAqxHshAp+TuxM+cu/gPnAC:wnSGTyFRchUXmdand4NhZFGzElMPAAr5

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks