b465ca76ded69a5f0ddcbb70eb7c7b01d974b03ccd4d298f7d771a418fa9a222 | Triage

Submit
Reports

Overview

overview

Static

static

8

zload.xls

windows7_x64

zload.xls

windows10_x64

5

Sharing

General

Target

zload.xls
Size

31KB
Sample

210120-66nzq94ebe
MD5

db5863749e79e71db2f4481f81c7554b
SHA1

3f65e0f402e183a769b8b2bb7c5e626b4d0cd59a
SHA256

b465ca76ded69a5f0ddcbb70eb7c7b01d974b03ccd4d298f7d771a418fa9a222
SHA512

eb1d023b6dd6678275324a34365dd85ef8a11d7a2a25ce30ee9dd8e17d364826d33a1c67ecc9bc634391d5803b520ba4e9152ea81932aebb874af2317e91e1bc

Score

10^/10

macro ransomware xlm

Static task

static1

Behavioral task

behavioral1

Sample

zload.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

zload.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://forteanhub.com/v.php

Targets

- Target
  
  zload.xls
- Size
  
  31KB
- MD5
  
  db5863749e79e71db2f4481f81c7554b
- SHA1
  
  3f65e0f402e183a769b8b2bb7c5e626b4d0cd59a
- SHA256
  
  b465ca76ded69a5f0ddcbb70eb7c7b01d974b03ccd4d298f7d771a418fa9a222
- SHA512
  
  eb1d023b6dd6678275324a34365dd85ef8a11d7a2a25ce30ee9dd8e17d364826d33a1c67ecc9bc634391d5803b520ba4e9152ea81932aebb874af2317e91e1bc
Score

10^/10

ransomware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy