b5b2501e8edbbfbe98a9a37d832c6beeb142258af1931fb7efbeb71816d346e9 | Triage

Submit
Reports

Overview

overview

Static

static

8

537.xls

windows7_x64

537.xls

windows10_x64

7

Sharing

General

Target

f9daa18f5b5f3b861192e888a93bc2bd54a5a29ed0b489860aa5f8fb96afc0d4.zip
Size

19KB
Sample

210302-8xphqwb5vn
MD5

16b96e53a45464af08b2055a085095ab
SHA1

06598d50938181ce7bfb438653c1bf96b469c1af
SHA256

b5b2501e8edbbfbe98a9a37d832c6beeb142258af1931fb7efbeb71816d346e9
SHA512

e8f7fd78f5cdc5cd418f2de7f63294d5600e740c52fb613675e7344a907f6b4ffb135a13cd9a3255da330624755b62c4643bab2310adef3511bd6788d773512c

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

537.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

537.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://metodotiza.com/server.php

Targets

- Target
  
  537.xls
- Size
  
  59KB
- MD5
  
  1080ea3405d7fda958c134b22779eba9
- SHA1
  
  a084dd81df0f23687f861e903bb7a5e1f8cb4956
- SHA256
  
  f9daa18f5b5f3b861192e888a93bc2bd54a5a29ed0b489860aa5f8fb96afc0d4
- SHA512
  
  e4a26cf1c55c85c76716a336739c00afcfc412a35ec2b0a1148989f7f91e53a84d118ad3ce312ec247da2f4105fb68028725d1cb1c372cb387c9fc616264c9c2
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy