d215870d387fd00ab767940af9933d49e471b40ce2a2752902238a1e99fed314 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...97.xls

windows7_x64

document-1...97.xls

windows10_x64

Sharing

General

Target

document (64).zip
Size

15KB
Sample

210225-47pnkg8pwx
MD5

e3ea2265fe7e13b7df1eec899b38e109
SHA1

94f1926e0f0b38b0661006a08e9790f72bd43fd0
SHA256

d215870d387fd00ab767940af9933d49e471b40ce2a2752902238a1e99fed314
SHA512

96c023abf0003e12ceacdf7b438ed36d4a747b56f34be8a7313237fb9c7e10b9eaa227b07cda93452326a025668323458d8d52b95a712101874288a6f839f2e0

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1184871997.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1184871997.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fb25d3as23hy.com/fb26.gif

Targets

- Target
  
  document-1184871997.xls
- Size
  
  88KB
- MD5
  
  2c085ffbd15cae5499a294b612ded5b2
- SHA1
  
  f6f6cd45c999b14a33c713948ae29a063f97261c
- SHA256
  
  87408cd6267a5c8b7836b9ac8c725a01e3fada9c083344e4f7bcbcb728b2a9d3
- SHA512
  
  ebb4b543ff6e21854ce555d5cbadb0e4a829d92b50c67c10007e87df2f18643770b88651753b00563c038729fac380021b9f451774ccef702cc4e3248d53fba9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy