6c0044bea92b2aa70dd3129f5a3193a8c90990d767bc928ed31eff6848f13c8c | Triage

Submit
Reports

Overview

overview

Static

static

8

document-7...32.xls

windows7_x64

document-7...32.xls

windows10_x64

Sharing

General

Target

router08.php
Size

52KB
Sample

210118-a6zh1p6rxn
MD5

9b111d9ceb8860d0e302aabc03dbe86e
SHA1

a74824d6b40a646894c47fe40218075b0266eeff
SHA256

6c0044bea92b2aa70dd3129f5a3193a8c90990d767bc928ed31eff6848f13c8c
SHA512

f71eec1036d04c162111e1c43e506ddcaa9e558afee9dd21771b0b6fa35d635139518f9330a2e34bf3a6e686c41ab814a36c0c2e4b160a4dc199f2e617835a9a

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-723944832.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-723944832.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://bucklindata.net/ds/061220.gif

Targets

- Target
  
  document-723944832.xls
- Size
  
  110KB
- MD5
  
  8cda6231daee62c974929d1ddea4c51f
- SHA1
  
  86ab0f197c90122f1b0ee34a7fec74b639ef3e44
- SHA256
  
  823fb54f19139d84c0a979cd24c3a7fdc054081326ad93a608ae9a976c2c2b76
- SHA512
  
  480e9575056a6e06b06158ded80f1a494c9bb059268b53d7cd9d580b6b0688c969b271edbd0b251d6442dbf03fd622c3cd7f02685e1b6f0c1420e43174825313
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy