Overview

overview

10

Static

static

8

document-1...74.xls

windows7_x64

10

document-1...74.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1467175974.xls

  • Size

    331KB

  • Sample

    201126-5vatzher8x

  • MD5

    496c2db85b091dd28cb7236a050c820e

  • SHA1

    7e2d55b29cf0896de7a41235d5f39d228f17c81d

  • SHA256

    e89bde4e0297936ee13f64b1a295b75fbb2a3f5c5614ee6894b7dec11f7b3347

  • SHA512

    ac0cd5f4b99ca2eb7eb2acbc28a2dd524f3fcc06f098252ce83502ef828d064c3d52e275e805305ff875043037de0072a94c43f0e25e402a9fc1825525f85d76

Score
10/10
macro

Malware Config

Targets

    • Target

      document-1467175974.xls

    • Size

      331KB

    • MD5

      496c2db85b091dd28cb7236a050c820e

    • SHA1

      7e2d55b29cf0896de7a41235d5f39d228f17c81d

    • SHA256

      e89bde4e0297936ee13f64b1a295b75fbb2a3f5c5614ee6894b7dec11f7b3347

    • SHA512

      ac0cd5f4b99ca2eb7eb2acbc28a2dd524f3fcc06f098252ce83502ef828d064c3d52e275e805305ff875043037de0072a94c43f0e25e402a9fc1825525f85d76

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks