General

  • Target: _attached_file (13).zip
  • Size: 14KB
  • Sample: 210303-scpw7eqfxn
  • MD5: 0e9b4cace36c1c913fdadce131a14779
  • SHA1: 41b6247f84f4f532113f419bb665cf516e9bf093
  • SHA256: 824db21a3b048aaaeab592ecc51f3bd4aee3e41eee6ac0bdf8410f4c9abf301c
  • SHA512: 0c041fdd27edf857d073465556414d65c119d7f64e7eba0d30561d38ed23d6a40636188fd365e51ccb6ce169f2b63d6c74f29a378473130d7af30efde6100604

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs: http://wlog28dzzmi02spfin.com/mrch.gif

Targets

    • Target: document-643821377.xls
    • Size: 86KB
    • MD5: df2f323872cf673b798c2beb50cff749
    • SHA1: 6e33161f05442dff3828296db4faf29a591bec31
    • SHA256: 65626629c457fea7557edbde595a9682dbfaba9d0e829fed859040ce68f915cc
    • SHA512: 476f77ce4808be79b955b38fbfe8babd3ba0bdd4936877e734c93b71afcd25f687fd3b4becd6df422bbc327f00b3f973b95e871014971305e8544017d7fd99f0

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1 hit
  • Discovery: Query Registry (T1012), 2 hits
  • Discovery: System Information Discovery (T1082), 2 hits
