General

  • Target: prepared (71).zip
  • Size: 15KB
  • Sample: 210223-j4sphx9lls
  • MD5: 467aaa856e90cf5be91f4bc739d4fbd3
  • SHA1: b85b71111f99567fe16aa267e0f1c07653204351
  • SHA256: 4b836a43f866f8b6c79765bd9a5c0f1b028a7782950921fa33dd24105ba47ecf
  • SHA512: aff3a07a593b2bb9a00b2272017f128102e14c35a1999d52080667e3d606c341545424a06490cee3da73d79e531f81afded8cf7d6350878da0b8de82eb2d9f9c

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: https://pg.happyslot88.cc/ds/2202.gif

Targets

    • Target: document-2099530162.xls
    • Size: 91KB
    • MD5: 215b3b2f2098dd894f11591d64f5d5c1
    • SHA1: 10bfbc38b6ec4ad3d4701956f37df602cc6d80bb
    • SHA256: 3428185a6292440865b95022397ca97a287c5287946e8cba6d2ae00a94206d8d
    • SHA512: 576e649cd67911aec7268fcdf0a44fc5f25a55a6fc9ff502f7021ea38b4544ebe8d98c02af4d50a74f570d2d4cafa96585b5c4d50775d2d4e838108af57c993f

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks