Overview

overview

10

Static

static

8

GFT_822286...85.xls

windows7_x64

10

GFT_822286...85.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GFT_822286282_687395985.xls

  • Size

    188KB

  • Sample

    210304-tz7trdyl72

  • MD5

    999288814f2399e599e458fdba0fa334

  • SHA1

    3b7872616a33fcabdfe1655144bd130c5f2963cc

  • SHA256

    bab6b7f6a10c835f8e38bde21d9420bbab615be6563a15404323033dc386fea3

  • SHA512

    fde60138e35368cc846bb5cf0e1bd6323d63b5a81d773618d88c39dfe9683b30614d5464141955c60d1deeafc0cf6eb0cf0e24c8eaff3898acea35de710fa254

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://davidachim.com/wpold/document.php

Targets

    • Target

      GFT_822286282_687395985.xls

    • Size

      188KB

    • MD5

      999288814f2399e599e458fdba0fa334

    • SHA1

      3b7872616a33fcabdfe1655144bd130c5f2963cc

    • SHA256

      bab6b7f6a10c835f8e38bde21d9420bbab615be6563a15404323033dc386fea3

    • SHA512

      fde60138e35368cc846bb5cf0e1bd6323d63b5a81d773618d88c39dfe9683b30614d5464141955c60d1deeafc0cf6eb0cf0e24c8eaff3898acea35de710fa254

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks