General

  • Target

    978905601.xls

  • Size

    172KB

  • Sample

    200630-1r7v8rvjya

  • MD5

    2a6b788cb122676d3890312e754bfc90

  • SHA1

    5744f5012d120edd79f1bb1ed0272b28712127e4

  • SHA256

    0018a5d18456d36582b1020be78a055c9c126a8036c618ea956faf722d995bb2

  • SHA512

    39a0f085979668395beb3d7a23144cbfeba6c849586bc7a4c5759dc455f3964877ea57795df19bf560a4c9a03a283f0671d656888c8969f8cb7ac58e84cc12a5

Score
10/10

Malware Config

Targets

    • Target

      978905601.xls

    • Size

      172KB

    • MD5

      2a6b788cb122676d3890312e754bfc90

    • SHA1

      5744f5012d120edd79f1bb1ed0272b28712127e4

    • SHA256

      0018a5d18456d36582b1020be78a055c9c126a8036c618ea956faf722d995bb2

    • SHA512

      39a0f085979668395beb3d7a23144cbfeba6c849586bc7a4c5759dc455f3964877ea57795df19bf560a4c9a03a283f0671d656888c8969f8cb7ac58e84cc12a5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Use of msiexec (install) with remote resource

    • Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Tasks