Overview

overview

8

Static

static

8

Notifica u...20.xls

windows7_x64

6

Notifica u...20.xls

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Notifica ufficiale 2020.xls

  • Size

    63KB

  • Sample

    200630-zd9p53jlha

  • MD5

    6afb8b76ce64771cbb5ef4b6fa03bb74

  • SHA1

    ccc07709c448623bbf5b57f355ba62d5b5b11663

  • SHA256

    1cf24d64a7a47be40724623efe61c8427e503e2724aa1282d8a5b082758dc1f3

  • SHA512

    b3b34a1d349fde4973d878921d6e89999c30ad8bb562c3052a9b9ab843c4e865d522572446dd78cdbcd4e2b7294a86348af6125cb1800e8b0c3449fb0302212f

Score
8/10
evasionmacrospywaretrojan

Malware Config

Targets

    • Target

      Notifica ufficiale 2020.xls

    • Size

      63KB

    • MD5

      6afb8b76ce64771cbb5ef4b6fa03bb74

    • SHA1

      ccc07709c448623bbf5b57f355ba62d5b5b11663

    • SHA256

      1cf24d64a7a47be40724623efe61c8427e503e2724aa1282d8a5b082758dc1f3

    • SHA512

      b3b34a1d349fde4973d878921d6e89999c30ad8bb562c3052a9b9ab843c4e865d522572446dd78cdbcd4e2b7294a86348af6125cb1800e8b0c3449fb0302212f

    Score
    6/10
    evasionspywaretrojan

    • Modifies system certificate store

      evasionspywaretrojan

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks