99fb5cd31df57af36dd39f19df63d7484e2db31a0d6abfb18e4d94bd77806bd0 | Triage

Submit
Reports

Overview

overview

Static

static

8

Document29429.xls

windows7_x64

Document29429.xls

windows10_x64

Sharing

General

Target

Document29429.xls
Size

266KB
Sample

210225-g8p5s7h9s6
MD5

5354f07ee5b77ebc0ac791db52887244
SHA1

c142b55accd0fc4672f61df8ea3fb9ef07ed0923
SHA256

99fb5cd31df57af36dd39f19df63d7484e2db31a0d6abfb18e4d94bd77806bd0
SHA512

609ef3a278e956c332243389de233956015bd3b9a0b0060f2eb3ed80516bd950f199eb2429926cdd848301e71b2b5d023eb8d7491c6e4b943c466cda7fdce7fc

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Document29429.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Document29429.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://promo.physio123.com/ds/1702.gif

Targets

- Target
  
  Document29429.xls
- Size
  
  266KB
- MD5
  
  5354f07ee5b77ebc0ac791db52887244
- SHA1
  
  c142b55accd0fc4672f61df8ea3fb9ef07ed0923
- SHA256
  
  99fb5cd31df57af36dd39f19df63d7484e2db31a0d6abfb18e4d94bd77806bd0
- SHA512
  
  609ef3a278e956c332243389de233956015bd3b9a0b0060f2eb3ed80516bd950f199eb2429926cdd848301e71b2b5d023eb8d7491c6e4b943c466cda7fdce7fc
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy