bf63b4c1daf0659b61d9c90cd76e05e8b0c488d6d619178388ab867ca53b0edd | Triage

Submit
Reports

Overview

overview

Static

static

8

document-8...32.xls

windows7_x64

document-8...32.xls

windows10_x64

Sharing

General

Target

documents (51).zip
Size

15KB
Sample

210220-ndsz9kyl7n
MD5

3a71d3433d39edc3a5489f50fd9e6e44
SHA1

06e88807902f6746621cab05d0e757253300fc90
SHA256

bf63b4c1daf0659b61d9c90cd76e05e8b0c488d6d619178388ab867ca53b0edd
SHA512

6aa6145469abcaa3f9cad0e9c10608f737e9c0190eff6c85e0bf5ad26e287d58e07cfec59f7ee04435cfa0a04ee16c4a8ae5becb7ba937ea5d024141877b433b

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-871813132.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-871813132.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://semanadaquebradeparadigmas.com.br/ds/1902.gif

Targets

- Target
  
  document-871813132.xls
- Size
  
  89KB
- MD5
  
  b513cec51f27439d29fac0f50dddfc2e
- SHA1
  
  f13417ee00c33d16b6cc23772710dafcddcbe7df
- SHA256
  
  56c3b93db9d347f6ce801f8100d58561d60fa111ae394278471eb0713c799ef8
- SHA512
  
  b258dcbfd69d264639d4bc8e06ce77d75f9f2ac256114ff49dc58225135779a9b0fc418d4bd5dc00ac1f6df57003dc46afd2093b5d1e3757bd42622981bbd10d
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy