892972a4e0cb87f700fa44efe029d427516e30800a73837636221511d7d99e67 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...22.xls

windows7_x64

document-1...22.xls

windows10_x64

Sharing

General

Target

attached (45).zip
Size

14KB
Sample

210304-mr7e8bb9dn
MD5

5a46de1b3ea269a0b07e04c7e1bdbf60
SHA1

a8e7dc7ee364e6dd20d9229bc2085157712385d5
SHA256

892972a4e0cb87f700fa44efe029d427516e30800a73837636221511d7d99e67
SHA512

a4c875f82ebadea7a4ef9b78d764bac2cefe3df88962cf5a78f1822d10350488ceec7d5e6826f103ba433cfbc56b18ade1be6e21cc0b5e3fe9b8870f89ed9000

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1542036422.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1542036422.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://uhfa02eknih03swzdku.com/index.xls

Targets

- Target
  
  document-1542036422.xls
- Size
  
  86KB
- MD5
  
  74d6a894733a005d0ccbe71285c1786f
- SHA1
  
  b79f8a79c24763c4a13655e9f59e323b38d78baa
- SHA256
  
  93d6aea4fceae79b1165d8a9a4897b4c1b340690a22ada8a7a4dedd6a1b1c712
- SHA512
  
  da2ead0406115542786a006b896d984f3c334d29b26515c68f789587db89457de5eb318107a75917f7ae8f5c14e5da8aafb806f6e4ad21d4bc4a8ded03e39563
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy