Overview

overview

10

Static

static

1

Quotation.xls

windows7-x64

1

Quotation.xls

windows10-2004-x64

10

Resubmissions

01-07-2024 11:44

240701-nwl3vsshlr 10

01-07-2024 11:39

240701-nslmxssfrr 10

01-07-2024 11:32

240701-nnswfayhkb 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.xls

  • Size

    196KB

  • Sample

    240701-nwl3vsshlr

  • MD5

    5301c763e48f3d3b3fbbc6d735056571

  • SHA1

    bc2e61ea94f57127aa3114389a1f205f9c0e27f6

  • SHA256

    abb00aa4a12711492eae76fdc37300d4f46d168a9dbbef952994c63dfad1cb84

  • SHA512

    e4293cccb545fa318e63eb3cb2053b6dd20fe3ecfee98d638588a91bfd040ff21430dbef5e1dc474f181cddfb392be9e87f84e2c16c0332c1eff2395601a3071

  • SSDEEP

    3072:U+2kaDXsPN/Dn+W1YM12nKqYXwR+UtLqV7BR1/SZSt8drYW2Jt01s3oEd:R2k/5+WSsSHLqNBzS4adrT2Jt0u3

Score
10/10
phishing

Malware Config

Targets

    • Target

      Quotation.xls

    • Size

      196KB

    • MD5

      5301c763e48f3d3b3fbbc6d735056571

    • SHA1

      bc2e61ea94f57127aa3114389a1f205f9c0e27f6

    • SHA256

      abb00aa4a12711492eae76fdc37300d4f46d168a9dbbef952994c63dfad1cb84

    • SHA512

      e4293cccb545fa318e63eb3cb2053b6dd20fe3ecfee98d638588a91bfd040ff21430dbef5e1dc474f181cddfb392be9e87f84e2c16c0332c1eff2395601a3071

    • SSDEEP

      3072:U+2kaDXsPN/Dn+W1YM12nKqYXwR+UtLqV7BR1/SZSt8drYW2Jt01s3oEd:R2k/5+WSsSHLqNBzS4adrT2Jt0u3

    Score
    10/10
    phishing

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks