a5b8add7f3d2b50be086900fdfc81ea9666e7a87705a0e7e812c0edaa169e58d | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...07.xls

windows7_x64

document-1...07.xls

windows10_x64

Sharing

General

Target

document-1100242207.xls
Size

88KB
Sample

210225-nn2zbycwz6
MD5

954d0877c5c24a81909a48b11c456122
SHA1

6388c4c76036560dbde22cec476367fc85df42de
SHA256

a5b8add7f3d2b50be086900fdfc81ea9666e7a87705a0e7e812c0edaa169e58d
SHA512

6d42c53df6c8d68d15169f0125485e4d1d7a69d87dacf931faf413dadb14180f3fc32deffdc5a63c4a2d5d0719ebe48df9f53f0ab277e988e7b176e59ff31e60

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1100242207.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1100242207.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fb25er43hfy.com/fb26.gif

Targets

- Target
  
  document-1100242207.xls
- Size
  
  88KB
- MD5
  
  954d0877c5c24a81909a48b11c456122
- SHA1
  
  6388c4c76036560dbde22cec476367fc85df42de
- SHA256
  
  a5b8add7f3d2b50be086900fdfc81ea9666e7a87705a0e7e812c0edaa169e58d
- SHA512
  
  6d42c53df6c8d68d15169f0125485e4d1d7a69d87dacf931faf413dadb14180f3fc32deffdc5a63c4a2d5d0719ebe48df9f53f0ab277e988e7b176e59ff31e60
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy