29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366 | Triage

Resubmissions

04-03-2021 13:27

210304-475dzzyvns 10

29-05-2020 15:54

200529-2wxrpzpnan 10

Sharing

General

Target

29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm
Size

86KB
Sample

210304-475dzzyvns
MD5

a758f5bfaeb275b5dfaf5be55a8b087b
SHA1

eff178dfef00ee753f4a540107632e43ec4a4ef9
SHA256

29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366
SHA512

7e96b281aa9433bb05073ff0ee9cb9d94384ef6cf9b801d11d5d420d647c79310f18485fab340afa8d0eb9bcdc64ec7cf885ee5636fc7edcfbbfe54ff208f364

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://aonagenarian.eu/3/skp.dll

Targets

- Target
  
  29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm
- Size
  
  86KB
- MD5
  
  a758f5bfaeb275b5dfaf5be55a8b087b
- SHA1
  
  eff178dfef00ee753f4a540107632e43ec4a4ef9
- SHA256
  
  29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366
- SHA512
  
  7e96b281aa9433bb05073ff0ee9cb9d94384ef6cf9b801d11d5d420d647c79310f18485fab340afa8d0eb9bcdc64ec7cf885ee5636fc7edcfbbfe54ff208f364
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2