General

  • Target

    Complaint-Copy-557393476-03092021.zip

  • Size

    13KB

  • Sample

    210309-3j7fybmw8e

  • MD5

    72c903e0e52ad592b567063a27d45066

  • SHA1

    6a673bc775d2af8d51fee027336a164c2bc40920

  • SHA256

    2d6c56345a266ea82cbda5d916ecc0143c787638cd14dcacc9d7bdf8a33d2aa3

  • SHA512

    e96d768e84045d8033171c801fc6b860d28fb4fdc4268115a07f5e35ded4c70bf0e8731b8f71d758260337898c9305ab224db170a6e377d51e5c0975b02303b9

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source / URLs

  • xlm40.dropper
    http://ryctech.net/yhqlhnhtzrwb/44264.823221412.dat

  • xlm40.dropper
    http://www.soundslingersstudio.com/znrptdbfqahd/44264.823221412.dat

  • xlm40.dropper
    http://fairyflydesigns.com/bcjczunj/44264.823221412.dat

  • xlm40.dropper
    http://jk.themoscowcity.com/ivwoahwzlndw/44264.823221412.dat

  • xlm40.dropper
    http://blueblazestudios.com/bkgrenjhbztb/44264.823221412.dat
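The five dropper URLs above share one structure: a different host, a short lower-case directory, and the same filename stem "44264.823221412" with a ".dat" extension. That stem is a valid Excel serial date (the value NOW() returns in the 1900 date system), and decoding it gives 2021-03-09 19:45:26, which matches the 03092021 date in the sample's filename. The following script is an added example by the editor, not code from the sandbox report or from the malware: it turns the config into IOCs (hosts, paths, filename stems), decodes the serial-date stem, and generalises the URL shape into a pattern matcher. The regex, the allowed directory length and the benign test URL are the editor's assumptions, not something the report states.

```python
"""Added example (editor's code, not from the sandbox report): derive IOCs
from the extracted xlm40.dropper config and decode the Excel serial-date
filename stem shared by all five URLs."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# URLs copied verbatim from the report's Malware Config section.
DROPPER_URLS = [
    "http://ryctech.net/yhqlhnhtzrwb/44264.823221412.dat",
    "http://www.soundslingersstudio.com/znrptdbfqahd/44264.823221412.dat",
    "http://fairyflydesigns.com/bcjczunj/44264.823221412.dat",
    "http://jk.themoscowcity.com/ivwoahwzlndw/44264.823221412.dat",
    "http://blueblazestudios.com/bkgrenjhbztb/44264.823221412.dat",
]

# Excel's 1900 date system counts days from 1899-12-30 (serial 1 is
# 1900-01-01, and the fictitious 1900-02-29 shifts serials > 60 by one day).
EXCEL_EPOCH = datetime(1899, 12, 30)

# ASSUMPTION (editor's): generalised shape of the dropper URL. The directory
# length bounds are chosen from the five samples above and may need tuning.
DROPPER_URL_RE = re.compile(r"^http://[^/]+/[a-z]{6,16}/\d{5}\.\d+\.dat$")


def excel_serial_to_datetime(serial: float) -> datetime:
    """Convert an Excel serial date/time (e.g. the output of NOW()) to a datetime."""
    return EXCEL_EPOCH + timedelta(days=serial)


def decode_stem(stem: str) -> str:
    """Decode a '<serial>.<fraction>' filename stem to 'YYYY-MM-DD HH:MM:SS'."""
    return excel_serial_to_datetime(float(stem)).strftime("%Y-%m-%d %H:%M:%S")


def filename_stem(url: str) -> str:
    """Return the filename without its final extension, e.g. '44264.823221412'."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[0]


def extract_iocs(urls):
    """Return sorted hosts, paths, filename stems and decoded timestamps."""
    hosts, paths, stems = set(), set(), set()
    for u in urls:
        p = urlparse(u)
        hosts.add(p.hostname)
        paths.add(p.path)
        stems.add(filename_stem(u))
    return {
        "hosts": sorted(hosts),
        "paths": sorted(paths),
        "stems": sorted(stems),
        "timestamps": sorted(decode_stem(s) for s in stems),
    }


def matches_dropper_pattern(url: str) -> bool:
    """True if a URL has the generalised xlm40.dropper shape (editor's regex)."""
    return DROPPER_URL_RE.match(url) is not None


if __name__ == "__main__":
    iocs = extract_iocs(DROPPER_URLS)
    for key, values in iocs.items():
        print(key)
        for v in values:
            print("  ", v)
    print("all report URLs match pattern:",
          all(matches_dropper_pattern(u) for u in DROPPER_URLS))
```

The decoded timestamp is useful as a pivot: other documents from the same campaign built their URLs with NOW() at generation time, so the serial stem can be searched for in proxy logs independently of the host. Treat the regex as a starting point for a hunt query, not as a finished signature.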

Targets

    • Target

      Complaint-Copy-557393476-03092021.xls

    • Size

      81KB

    • MD5

      96a11092f43aa93dbe709f5f63853fcc

    • SHA1

      439ddb32e789d3fb8ca03b8ee3494549c13a51ca

    • SHA256

      614ab1a690fcc4e2ff433685be32cd5ef95c12b271afe208a54a661782e519d8

    • SHA512

      f24127143c507aaf8c166fba18e3e1c8072a280276737e38a11350a7341ded5d1e33e94a505e4c495e81c31833631d1582e08da87487ea971c0d1610a245ee67

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Here the parent is the Excel process that opened Complaint-Copy-557393476-03092021.xls, whose Excel 4.0 (xlm4.0) macro is the dropper whose URLs are listed under Malware Config.
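The signature fires on a parent/child relationship rather than on file content, which is why it survives changes to the macro or the download URLs. The script below is an added example by the editor, not the sandbox's own detection logic: it reads Sysmon-style process-creation events (JSON lines) and flags any Office parent whose child is outside a small allowlist of expected children. The log lines are constructed for illustration; the report does not name the child process this sample launched, and the allowlist of expected Office children is the editor's assumption to be tuned per environment.

```python
"""Added example (editor's code, not from the sandbox report): flag an Office
process spawning a child outside an allowlist, the behaviour class behind the
'Process spawned unexpected child process' signature."""
import json
from pathlib import PureWindowsPath

# ASSUMPTION (editor's): Office binaries to treat as monitored parents.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# ASSUMPTION (editor's): children Office routinely spawns on its own (print
# spooler helper, error reporting, itself for a second workbook). Tune this.
EXPECTED_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"} | OFFICE_PARENTS

# CONSTRUCTED sample events in a Sysmon Event ID 1 style. Only the second
# line is meant to trip the check; neither child is taken from the report.
SAMPLE_JSONL = r'''
{"UtcTime": "2021-03-09 19:46:01", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\splwow64.exe"}
{"UtcTime": "2021-03-09 19:46:07", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\rundll32.exe"}
{"UtcTime": "2021-03-09 19:45:40", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}
'''


def basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image).name.lower()


def parse_jsonl(text: str):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_unexpected_children(events):
    """Return events where an Office parent spawned a non-allowlisted child."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
            hits.append({
                "time": ev.get("UtcTime"),
                "parent": parent,
                "child": child,
                "reason": "office parent spawned unexpected child",
            })
    return hits


def detect(text: str):
    """Convenience wrapper: JSON-lines text in, list of findings out."""
    return find_unexpected_children(parse_jsonl(text))


if __name__ == "__main__":
    for hit in detect(SAMPLE_JSONL):
        print(f"{hit['time']}  {hit['parent']} -> {hit['child']}: {hit['reason']}")
```

Matching on the image basename only is deliberate for a first pass; a production rule should also compare the full path (an `EXCEL.EXE` outside the Office install directory is itself suspicious) and the parent's own ancestry.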

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (2)

    T1082 System Information Discovery (2)
