8bfd6da153f43e819ed278b72ab71cbe9bb6f6f12a3d83372db44040d437e601 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-6...54.xls

windows7_x64

document-6...54.xls

windows10_x64

Sharing

General

Target

attached-25.zip
Size

14KB
Sample

210302-ay81224bds
MD5

1be5ca0b25c10b07ae948aac6223278d
SHA1

2f9437bc566f39fab978513b54d121d58a6ef18b
SHA256

8bfd6da153f43e819ed278b72ab71cbe9bb6f6f12a3d83372db44040d437e601
SHA512

76e16301a5a27e49727e1342ed3345359852576e56230d14419535b6d51a48df4216fc035fdf2733f73413eac3d4fe146edceb7f85a7083a5cce24c1f820147b

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-680008354.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-680008354.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ugrl28bxsnh02kohk.com/mrch.gif

Targets

- Target
  
  document-680008354.xls
- Size
  
  85KB
- MD5
  
  6cafc4b93a4c66581441b5600cc5966d
- SHA1
  
  ec60a23a49f04ae580e8efec984af57ef418df55
- SHA256
  
  b136a63d91105af8f36bd2548e6fecf275a0ace8bbe79f2c621efde9239abafc
- SHA512
  
  a59fc98b8b086104411a07040729f7472b7965a8e7a622dd69907b4d109200c1c6c985f5cfbc3ffb523d6f139df23f77ab3e6b81343c8721a9f7078e6d444cfc
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy