Overview

overview

10

Static

static

8

document-1...01.xls

windows7_x64

10

document-1...01.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-1443024301.xls

  • Size

    85KB

  • Sample

    210302-263f6kky7a

  • MD5

    5cdc79a8aeebd4c087cbd2980afc0ccd

  • SHA1

    2ac1663aa15e0a91a5658f16b8d4647b243f54f9

  • SHA256

    c7d7d034ef4ad845ffa4544716fe1fad999b438b4705658c14555b765045642a

  • SHA512

    a76fe01b08d8e441326e4d915ba4b4e1fe3b2f7af7bbff23f1e9485caf4017a63e9ed2c9c3e64a6fd3120e5a5bf840bb311a8e513562bc0d9119db07c9faf9cb

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://ugrl28bxsnh02kohk.com/mrch.gif

Targets

    • Target

      document-1443024301.xls

    • Size

      85KB

    • MD5

      5cdc79a8aeebd4c087cbd2980afc0ccd

    • SHA1

      2ac1663aa15e0a91a5658f16b8d4647b243f54f9

    • SHA256

      c7d7d034ef4ad845ffa4544716fe1fad999b438b4705658c14555b765045642a

    • SHA512

      a76fe01b08d8e441326e4d915ba4b4e1fe3b2f7af7bbff23f1e9485caf4017a63e9ed2c9c3e64a6fd3120e5a5bf840bb311a8e513562bc0d9119db07c9faf9cb

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks