d930f445a9053bfefd0cba7bf24b4ec7b267d5c498d4397d1bc694fcf0c68843 | Triage

Resubmissions

17-12-2020 17:17

201217-f5b1rz4352 10

08-12-2020 15:09

201208-l8pbgx1xqe 8

Sharing

General

Target

Doc-7679.xls
Size

31KB
Sample

201217-f5b1rz4352
MD5

e40c18535c48fdfe3b2e841d51c94038
SHA1

6e1e23e8891a8ecd8ee3d85bc77c281f4b6be63b
SHA256

d930f445a9053bfefd0cba7bf24b4ec7b267d5c498d4397d1bc694fcf0c68843
SHA512

ec1457b453beca0e7d543c2652f3b58b6a0f976abec2cb979f867518657a6a4248998febe37086d60dc3c193cb6a4e968bcd747c5541372dc0ed0f033e865bd7

Score

10^/10

macro

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.localco.ae/wp-scan.php

xlm40.dropper

https://sadiahyat.com/scan.php

Targets

- Target
  
  Doc-7679.xls
- Size
  
  31KB
- MD5
  
  e40c18535c48fdfe3b2e841d51c94038
- SHA1
  
  6e1e23e8891a8ecd8ee3d85bc77c281f4b6be63b
- SHA256
  
  d930f445a9053bfefd0cba7bf24b4ec7b267d5c498d4397d1bc694fcf0c68843
- SHA512
  
  ec1457b453beca0e7d543c2652f3b58b6a0f976abec2cb979f867518657a6a4248998febe37086d60dc3c193cb6a4e968bcd747c5541372dc0ed0f033e865bd7
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2