4e590d2889ad8e5e8baf2fc4f57ce42903141218b28d9a5ebff7db9aa6620bd1 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-6...11.xls

windows7_x64

document-6...11.xls

windows10_x64

Sharing

General

Target

file (25).zip
Size

14KB
Sample

210302-hg394vc76s
MD5

aec04d684856ea5d4b80eebced85bb52
SHA1

423a06bb4deb2da17b39e893bb042930dca8e5a0
SHA256

4e590d2889ad8e5e8baf2fc4f57ce42903141218b28d9a5ebff7db9aa6620bd1
SHA512

97a59a9572561b7ba7fe2ac9feeeb2f7e11dde02b4380ae54126d24421fb7ed55bc6c51c62f4de203b3293a20c8772b850d58dd3dc23d4c3d0a15456c3d92e72

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-682448711.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-682448711.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://kfzhm28pwzrlk02bmjy.com/mrch.gif

Targets

- Target
  
  document-682448711.xls
- Size
  
  85KB
- MD5
  
  4bfd284e3081e30bd03f1bcce136620a
- SHA1
  
  2597ec2e8ad786504259d6702f8f0bfbc7bf29a0
- SHA256
  
  f2922f4bd36c24f3ac4f4a623382babfcd9644c17432364ab4ad42b01618d48e
- SHA512
  
  5f9acbcc6656397634da3cb562e52b06170502f857b7a7717a37138c566ab5d7194b6b1491d4af3bf9406d425fcb5263ac9fd200e099718f6d66212f892bc300
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy