General

  • Target

    May-Document-6_2024-1398.xlsx

  • Size

    51KB

  • Sample

    240507-k6cqdshh3y

  • MD5

    36a6ceb2eede91664aae1fc2a017306f

  • SHA1

    21b45c399ad65cba70386c8ed53314031ef6cbcd

  • SHA256

    e37a6233366cf9bfb03cd6ca652254977814a32dc0fe842ec500faa7ba7394c0

  • SHA512

    c8967942d7de214d050e2080bddf1b3f53a4c56c17d58978e78405e58115cd2fdf67eca1b6b055c274f83a342bbe690cfcb350116c23aeaf90309183ac45e20f

  • SSDEEP

    1536:YYZDHgM8v42wkYq84lKL7IAnA4xCQH140n:YYZcMetF8T7IAA4xprn

Score
10/10

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Command and Scripting Interpreter: AutoIT

      Uses AutoIT, possibly to run an automation script.
