f133d9793f6d163107acdbc329944de41fa1f91da03aa8ba382867e1b0420e17 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...18.xls

windows7_x64

document-1...18.xls

windows10_x64

Sharing

General

Target

this_issue (42).zip
Size

15KB
Sample

210224-b949w9511n
MD5

68aa53e4719bdc5f4c6939b25e120a96
SHA1

8d0e95dd33aa7b797bb7145f5312de5e8175c272
SHA256

f133d9793f6d163107acdbc329944de41fa1f91da03aa8ba382867e1b0420e17
SHA512

f84c5104a11e15061955991ae5c34395da9338380cf80a00415b9881655b6774cc25b8c46598915595cda236475e459e0ea01718e3d5208b8ef3cacee745a34f

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1610559818.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1610559818.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://31.214.157.206/22.gif

Targets

- Target
  
  document-1610559818.xls
- Size
  
  90KB
- MD5
  
  166d0e4e50303630b148a09eed5c3d46
- SHA1
  
  ad2c322456653198f0474a6f32f4c6e0e6e23dc5
- SHA256
  
  c5a856a5c3981d8fbb0aa1043c82b790f803fd0dcc8dff18f45499211707a531
- SHA512
  
  41c2bfd37226e721107ae8090b785255f6be628bc84cbbcc708e37ab973f4333a7fab791209589be4afd01626569b0f043a6d7eb559352cb4e0c4a41e90c3939
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy