Overview

overview

10

Static

static

8

Complaint_...1.xlsm

windows7_x64

10

Complaint_...1.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Complaint_Copy_1639255636_011920212.zip

  • Size

    21KB

  • Sample

    210119-14hcxwpgjs

  • MD5

    1725b1e973d12b5a12a92e4954ea0f0e

  • SHA1

    16a1bf9932f6bf3290a753245728b734b7602cc6

  • SHA256

    7e049a3b057863233b1a0234b00a39f4a65e54fb247bc9126f9f295cfd47f785

  • SHA512

    c9fa15c484aa254ad21ca3f554dd99f8af509a0a4a52fb3730ba8a6809679ad97cb91fe8b05f2376b2d3dd89d734c9ff2c5f72ae2d1388dfd913da54bfd70ec1

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://pwu.aat.mybluehost.me/wbpojmhplcyi/5555555555.jpg

Targets

    • Target

      Complaint_Copy_1639255636_01192021.xlsm

    • Size

      25KB

    • MD5

      658de46decf3be284b481a25816532fa

    • SHA1

      f43a176ecfe9112e03942d4c2b68494d26ebf653

    • SHA256

      7cb4ff8749a82b3dd145f2dfc8f2d5817fcde9359de2ad4a3c4b2a7cb0c45870

    • SHA512

      ddb09d573a9c4d03f3e2258d4db8304cb35c7ed406c336e9e94226d0b2f95ceb4e646365202be3e1e3847089564a79db9b5a1fab0b9d5c6f7226456f4d3e9b88

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks