9329adb26ba16c6197cf75b2a1454443d614dc4cf6e7d3b910549951438f08c9 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-6...05.xls

windows7_x64

document-6...05.xls

windows10_x64

Sharing

General

Target

_file_attached (80).zip
Size

14KB
Sample

210303-kppp84dh6x
MD5

834f8e40b949d80134cad5f4f251a043
SHA1

085281c70a773f3449e46a4d4ca23ce760ae7b17
SHA256

9329adb26ba16c6197cf75b2a1454443d614dc4cf6e7d3b910549951438f08c9
SHA512

3b64f32f86cb5949a9623d67d3015a03ba8940f7707d473ef4a54cc99ea06332f0e1bd078196d2eeb784bc6ecc0c802f2271c4333f51b76349f03bc77ce34200

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-695884905.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-695884905.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://hqcaz02egeq03bvmhm.com/index.xls

Targets

- Target
  
  document-695884905.xls
- Size
  
  86KB
- MD5
  
  90e7ac2eed5035b7295b4ee019257358
- SHA1
  
  502d65f9861152b55c1a2a2e4361ebb05f06a3df
- SHA256
  
  88bc6e18fd358baff3a0011428c6a47f33a245ab6c8c4356694943723956dadd
- SHA512
  
  053ecdac4ba68ad9aa9eb710538c216cb639f36ba977ea1a483afd34e4b3b838903b4b3e78dcca1f45f4a8b202b8a471366ef35bdd87c0f981eb094e888cfb6e
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy