General

  • Target: this_challenge (17).zip
  • Size: 14KB
  • Sample: 210302-a72jefj2zx
  • MD5: c374a65855539ca6dc323a8c75ce69a9
  • SHA1: 4e13e885938de4c821faa627deb881d1c2489ec6
  • SHA256: db10af9e07b3162a0bb0dd46eaf1bbad69d76b9a5f8863a1fcb1a3c1c7b88c89
  • SHA512: 16481aea59ab910cad78b262cf52d2d6a5191a46cd38b5f11e1f6e6714c780e40e09f8498f2edd2aec2711e5868133f034bfd396e587f197ada4bcf6afe79e60

Score: 10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: http://qxloq28vhjko02eiiagg.com/mrch.gif

Targets

    • Target: document-1226092010.xls
    • Size: 85KB
    • MD5: ff6ba02a111f999f683149f4d35da8f4
    • SHA1: f86dddf4ad1b5a365b7fbe6cebe932db12760a18
    • SHA256: fffebfa51136e887b9c461ebba0e484c998208abb431d44ce767cfb18f8b3797
    • SHA512: b8dd33f5b9ab656f5148894538565e7a832df0a499c7ddc0478b72440a9ba9a66deb3cc45a2bda26181544c47ed56f28bb4557eafea81fe370f6493813f61db9

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks