General

  • Target

    this_challenge (12).zip

  • Size

    14KB

  • Sample

    210304-fv759ll4s2

  • MD5

    15087dbaf4d2f52cdd31a16c49e65910

  • SHA1

    e7ed21a1a2ef40105915965a28c112f0e5651abd

  • SHA256

    9fcb88b31b3472e6e32bc678ec6145f959dd4d588a0325bc17743b675a592ec6

  • SHA512

    ee581ccc936ed74d510d9e8a871191d342e854d9c82bd2744e0c8cd254e7ea119bec79a4e4c683c38985dfd7efcbf8238a131e06dabb0a6bc9d67c1a9f97b446

  • Score

    10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://etysu02scnabr03wzaxue.com/index.xls

Targets

    • Target

      document-2048961057.xls

    • Size

      86KB

    • MD5

      a2eef102370b2ce65dc2a5716aadfab5

    • SHA1

      2856f0d6609ab8e70e179cf3e56dabcabcde68b3

    • SHA256

      fc3dee9ee4cc942f9905d7d19c7e205bad05df8f403c687068dda98e882c3e14

    • SHA512

      0bd681a414eb795df747f01080d6dbe6fcd190262497998a91b4455c93e67eee69f84834c4b093a63eaf4767460f358748979360b517d15369d48d0a76727785

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks