52e0b5d39e9a97736b03f2b0ac315bb874da3632574cdd252fd8b9138cc1b299 | Triage

Resubmissions

17-12-2020 18:23

201217-a919dkygg2 10

03-12-2020 14:36

201203-xg2dt64s3j 10

Sharing

General

Target

document-1699807874.xls
Size

111KB
Sample

201217-a919dkygg2
MD5

dea2166519409b96205775cc95abab6e
SHA1

a70da2919e3f81d3fd397435649097e296605536
SHA256

52e0b5d39e9a97736b03f2b0ac315bb874da3632574cdd252fd8b9138cc1b299
SHA512

28f317f53ace16c4c6ffc701fad325eebc0dc54c85477cfd9b27d1cbd809b1df128fa235b72c7db7927618adca29440a54c194f97cdb8f38bc98220200f24b1c

Score

10^/10

macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://p-clone.net/ds/021220&C51

Targets

- Target
  
  document-1699807874.xls
- Size
  
  111KB
- MD5
  
  dea2166519409b96205775cc95abab6e
- SHA1
  
  a70da2919e3f81d3fd397435649097e296605536
- SHA256
  
  52e0b5d39e9a97736b03f2b0ac315bb874da3632574cdd252fd8b9138cc1b299
- SHA512
  
  28f317f53ace16c4c6ffc701fad325eebc0dc54c85477cfd9b27d1cbd809b1df128fa235b72c7db7927618adca29440a54c194f97cdb8f38bc98220200f24b1c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1