General

  • Target

    1E66C639F157FA066C2E4070A46CB0AF32548F4FBA63684120513433059CD26D.zip

  • Size

    37KB

  • Sample

    210114-6ls1dsdmtn

  • MD5

    a63a11317d422896ef6129a030fd14f5

  • SHA1

    c8c465c22ab31dd6b68f90720aa798b73125a4f3

  • SHA256

    e3800768bbe39dd0cee94fc9b9c3302d025b66699b6c7d3ed322fb5a16eb8aad

  • SHA512

    ac9065ac16e433a2df5711ed8cc282aa8b659c857772af2d00b7ea16f9138ca9945112494bf14819126b31dd809780ba63e07a7efd6caa410c2e76a05fb72392

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://mindmap.monster/fzqdqni9.zip

Targets

    • Target

      1E66C639F157FA066C2E4070A46CB0AF32548F4FBA63684120513433059CD26D.xlsm

    • Size

      41KB

    • MD5

      032734a3c93c44855955d4769b7ded98

    • SHA1

      f38cd18659e0fb5d862bac1d9f24691dda4a292c

    • SHA256

      1e66c639f157fa066c2e4070a46cb0af32548f4fba63684120513433059cd26d

    • SHA512

      cd662cd2810fef6a50e9ad4fc9c43e2e56d6c6329a432a19709ea410e3cd8d6f5308a04a8f3f82604dea3e0c8aaa7b3d9959ad8815b097acf11207b32ba41ba9

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious Office macro

      Office document equipped with Excel 4.0 (XLM) macros.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks