Overview

overview

10

Static

static

8

document-6...11.xls

windows7_x64

10

document-6...11.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-679517211.xls

  • Size

    86KB

  • Sample

    210226-1ptrwh52dj

  • MD5

    872ba2f87e7fec59d16b21d5e32e8998

  • SHA1

    2b01eaf941703e63cb8fc41f298245cbc398258b

  • SHA256

    50ce61238d00449cb50a1b66c5fb76766d35bd7ccaf8617e6d164c07f6c821df

  • SHA512

    3e7c5493cd0f1c2314f9bd971145fc0eb2994d082416da5d3e5e21e54ce5680356a69fd6e819e4c6e1d5eaeb42e4cdb67e66445512b4adc5ddfd22ab602f2452

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://nvrih26coxejl02enyfn.com/fera/frid.gif

Targets

    • Target

      document-679517211.xls

    • Size

      86KB

    • MD5

      872ba2f87e7fec59d16b21d5e32e8998

    • SHA1

      2b01eaf941703e63cb8fc41f298245cbc398258b

    • SHA256

      50ce61238d00449cb50a1b66c5fb76766d35bd7ccaf8617e6d164c07f6c821df

    • SHA512

      3e7c5493cd0f1c2314f9bd971145fc0eb2994d082416da5d3e5e21e54ce5680356a69fd6e819e4c6e1d5eaeb42e4cdb67e66445512b4adc5ddfd22ab602f2452

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks