262da98a4ff216924133f82ed71a177b56f36408bcf273f248633c9d1e9bcb8e | Triage

Submit
Reports

Overview

overview

Static

static

8

document-2...08.xls

windows7_x64

document-2...08.xls

windows10_x64

Sharing

General

Target

this_problem (39).zip
Size

14KB
Sample

210303-63n3lwgsax
MD5

e1f7b236873376d412bda619d8d2d429
SHA1

9a17d522358e85b82face0492c79311a9e3632ac
SHA256

262da98a4ff216924133f82ed71a177b56f36408bcf273f248633c9d1e9bcb8e
SHA512

de84a8e64526579a20122359869c59d3be30e47aadedfb0e3ec341602d5b688efe67e4d9451e68a1c39b3d03c91fb48c38fb63092ca5263c19c7d39bed1197af

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-2016781308.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-2016781308.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://dskl02touc03jeby.com/index.xls

Targets

- Target
  
  document-2016781308.xls
- Size
  
  86KB
- MD5
  
  c9c4347f0d6ddea818767a90511be22a
- SHA1
  
  9f59ff65708d92782989ded40e561e4a6b7daaae
- SHA256
  
  1d68e82817fe348b7e80e371ca19ab6ab46299ddca1b96e2a108b449fbe766ec
- SHA512
  
  8dcdec14d04c7e03e790ac1ea1a76fb73342174aec270394847a6a045069d13cd00acf82463562b7f9571709d7a75f0b4496d83798aad885d56d3c2e8b57fb83
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy