Overview

overview

10

Static

static

8

Doc_6.xls

windows7_x64

10

Doc_6.xls

windows10_x64

7

Resubmissions

08-03-2021 15:02

210308-f5qy1tnern 10

18-02-2021 22:11

210218-nt9a2n217a 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Doc_6.xls

  • Size

    62KB

  • Sample

    210308-f5qy1tnern

  • MD5

    0f70433b292a3d3d362f618530cd86d9

  • SHA1

    fe2e12e002d872ee803e0b62e3f79f1630e3719d

  • SHA256

    cb86215bc9adb03dc88f3cf05473d34a68b326b50f676a83b7cf80c68a150bc3

  • SHA512

    fe9ff1c19e9780fc02c62e4849002b00403ec9706315edbaf2dec2e1631ff63c8494d47ca6a55bc37a2cd4a15494ab250dcb7bfd22605cd99c04d02f328c227d

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://jinnahofficersschool.com/logs.php

Targets

    • Target

      Doc_6.xls

    • Size

      62KB

    • MD5

      0f70433b292a3d3d362f618530cd86d9

    • SHA1

      fe2e12e002d872ee803e0b62e3f79f1630e3719d

    • SHA256

      cb86215bc9adb03dc88f3cf05473d34a68b326b50f676a83b7cf80c68a150bc3

    • SHA512

      fe9ff1c19e9780fc02c62e4849002b00403ec9706315edbaf2dec2e1631ff63c8494d47ca6a55bc37a2cd4a15494ab250dcb7bfd22605cd99c04d02f328c227d

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks