cb9823d3bf216b20c5ad580368e8164ccb7ba85468f6dbd27f8c082fe3b08099 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-7...86.xls

windows7_x64

document-7...86.xls

windows10_x64

Sharing

General

Target

collected (23).zip
Size

15KB
Sample

210224-rjwa6sh4l2
MD5

8b626f259a36be92943fd8f64e0dbacd
SHA1

2d949be61477ec5736510fc750643deca99f29c4
SHA256

cb9823d3bf216b20c5ad580368e8164ccb7ba85468f6dbd27f8c082fe3b08099
SHA512

08548528f1189db7a521d36eaae98105a2a9d7479f58663594ba59f2ae4800c4f1d2c185dc78a1b9ecb4d31c6b3c1352d13d1c1cea9068bde3cfc52fa7f05e68

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-706788186.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-706788186.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://185.212.47.84/22.gif

Targets

- Target
  
  document-706788186.xls
- Size
  
  90KB
- MD5
  
  e21fa247ae9af58927aedaf5dfd63478
- SHA1
  
  7f83938a868a71c0430978963e7edb94521895cc
- SHA256
  
  9c4d4c6009c4c6659443d3cee334bfa45d584a7494e1d473139d118fe757c998
- SHA512
  
  17d5dcbd0c7a4c2f3ad581d8a705bd1038dcf3eed9ce80cffb5a04b330236c572d776f504eacf1d053bcf16fdaed95f17227b57df15321d0befa57339d49cf09
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy