General

  • Target

    found (60).zip

  • Size

    15KB

  • Sample

    210222-ted975q256

  • MD5

    946b606597a000f7ca3d08ca7ab9f9d8

  • SHA1

    491ff671c71d3ad85f495f808cb82968aa03c513

  • SHA256

    cb16e8bbaafeca728ff22b743c3512e814a943ff080c80610efd51d8c296fad7

  • SHA512

    b6f5cb8a7138d35b72d7f45004af60585774fe201a29848a3f388bc34254683a4349bafbb1061639212f0dba665f07dea661d629529df53690611108eb1d52c4

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://mavenconsulting.com.pk/ds/2202.gif

Targets

    • Target

      document-2059398424.xls

    • Size

      91KB

    • MD5

      2d092de84c63e64fc77da5cf97777bef

    • SHA1

      fe9c05e4da68a5a174bde0e7e52855297fffd135

    • SHA256

      f8735d5dad4c1b40b8b27f1b206c3ee3345daf03c80d911015495e528040cb73

    • SHA512

      83353edfb2aa7409c7cedc7461df296968c0ce38d4d54953e320cd9d5b84337071a1e677bad28eefdc53908a61d55383e6b172a9eaa7164bfc6dc5e39afd057f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL
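
The three signatures above are behavioural rules applied to the sandbox's process, file and network telemetry. As an added example (not part of this report or the sandbox's own rule set), the Python below implements equivalent detection logic over a constructed Sysmon-style event stream: Office hosts spawning script interpreters or LOLBins, processes on a no-network list opening outbound connections, contact with the host from the extracted dropper URL, and a DLL being loaded after it was written by an earlier event. Every path and the dropped file name in the sample events are invented for illustration; only the URL host comes from the report.

```python
"""Detection logic for the report's three behavioural signatures, evaluated
over a constructed Sysmon-style event stream. Added example; the events are
invented and do not describe what the sample actually did."""
from dataclasses import dataclass
from urllib.parse import urlparse

OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# "Blocklisted process" here: processes that should not open outbound sockets.
NETWORK_BLOCKLIST = OFFICE_HOSTS | {"rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Indicator taken from the report's extracted config (URL as listed on the page).
DROPPER_URL = "https://mavenconsulting.com.pk/ds/2202.gif"
IOC_HOSTS = {urlparse(DROPPER_URL).hostname}


@dataclass
class Event:
    kind: str                 # process_create | network_connect | file_create | image_load
    image: str                # acting process (full path)
    parent_image: str = ""    # process_create only
    target: str = ""          # file_create / image_load: path written or loaded
    dest_host: str = ""       # network_connect only


def basename(path: str) -> str:
    """Case-folded file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_unexpected_child(ev: Event) -> bool:
    """Office host spawning a script interpreter or LOLBin."""
    return (ev.kind == "process_create"
            and basename(ev.parent_image) in OFFICE_HOSTS
            and basename(ev.image) in SUSPICIOUS_CHILDREN)


def is_blocklisted_network(ev: Event) -> bool:
    return ev.kind == "network_connect" and basename(ev.image) in NETWORK_BLOCKLIST


def is_ioc_contact(ev: Event) -> bool:
    return ev.kind == "network_connect" and ev.dest_host.lower() in IOC_HOSTS


def evaluate(events):
    """Return (rule_name, event_index) for every hit. 'loads_dropped_dll' is
    stateful: an image_load whose path was written by an earlier file_create."""
    hits = []
    dropped = set()
    for i, ev in enumerate(events):
        if is_unexpected_child(ev):
            hits.append(("unexpected_child_process", i))
        if is_blocklisted_network(ev):
            hits.append(("blocklisted_process_network_request", i))
        if is_ioc_contact(ev):
            hits.append(("contacts_extracted_dropper_url", i))
        if ev.kind == "file_create" and ev.target.lower().endswith(".dll"):
            dropped.add(ev.target.lower())
        if ev.kind == "image_load" and ev.target.lower() in dropped:
            hits.append(("loads_dropped_dll", i))
    return hits


# Constructed sample stream (hypothetical paths and file name; not from the sandbox run).
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    Event("process_create", EXCEL, parent_image=r"C:\Windows\explorer.exe"),   # benign launch
    Event("network_connect", EXCEL, dest_host="mavenconsulting.com.pk"),      # Excel fetching the URL
    Event("file_create", EXCEL, target=r"C:\Users\user\AppData\Local\Temp\dropped.dll"),
    Event("process_create", r"C:\Windows\System32\rundll32.exe", parent_image=EXCEL),
    Event("image_load", r"C:\Windows\System32\rundll32.exe",
          target=r"C:\Users\user\AppData\Local\Temp\dropped.dll"),
    Event("network_connect", r"C:\Program Files\Mozilla Firefox\firefox.exe",
          dest_host="example.org"),                                           # benign, no hit
]

if __name__ == "__main__":
    for rule, idx in evaluate(SAMPLE_EVENTS):
        print(f"{rule:40s} event#{idx} {basename(SAMPLE_EVENTS[idx].image)}")
```

The allow/block sets are deliberately small; in production they would come from a maintained list, and the "loads dropped DLL" rule would key on process lineage rather than on a single flat stream, so that a DLL written by Excel and loaded by its rundll32.exe child is attributed to the same infection chain.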

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082

Tasks