e94e260bed7472c40f90594cd6f9c6b3adbd27b1da1f4e8d0280d15c52984a36 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...63.xls

windows7_x64

document-1...63.xls

windows10_x64

Sharing

General

Target

attached (11).zip
Size

14KB
Sample

210304-bh4l3lx742
MD5

c4f6b1428e7bb311d0655b78191cd805
SHA1

c0ba4c0d61f0ec3dbdc2a10a129be29b4b39b705
SHA256

e94e260bed7472c40f90594cd6f9c6b3adbd27b1da1f4e8d0280d15c52984a36
SHA512

c0dd68a0f1ef050dabcc8f6ed25fed6b4e386b5e5bf0e5c934b0a4ad0b915328edaf64c10ab4d3f0b5d034e5425f5c1fb1acada1a581c9ba2ca268998766cd0d

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1364257063.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1364257063.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://etysu02scnabr03wzaxue.com/index.xls

Targets

- Target
  
  document-1364257063.xls
- Size
  
  86KB
- MD5
  
  7e5a066d793ba1d7c79c2cc159213251
- SHA1
  
  62388b55e9f6157d3f31554ab93310dab4483b25
- SHA256
  
  04bb4b5d089c38d80eb0a980aeb8fb0ed4a192027871e3d6bf1431bdd9c8137d
- SHA512
  
  1f7937ab7a1ec79b1164da458a06385b45cae5214d2aa4d096b4f1f19d6d7897eb61a7da624f2d968bd97d512f074c13fb3c2b8f2d70d215ff440c997422d65a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy