Overview

overview

10

Static

static

8

Complaint-...21.xls

windows7_x64

10

Complaint-...21.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Complaint-Copy-684209303-03092021.xls

  • Size

    80KB

  • Sample

    210309-7dpn7mcxq6

  • MD5

    929a37b88e9317036edc9cef13cf68ee

  • SHA1

    be790f3e60156d3dc2dac6061a6df906c634304e

  • SHA256

    78b0fb46c1563fbdaf9d9b9fedfe848aa9b0950af5b98a4e5de18fd649604de7

  • SHA512

    1f4eca1bea7f83f606c963b7196e9ec2e81bda6ccfc4e0094bc6459a526c24575ff04ca875a258751102882d810316446df8d970cfc5397e1bbfc52ea0f8ac46

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://edgethefoundation.com/owdkvdylem/44264.645540625.dat
xlm40.dropper

http://thehealthandwellbeingclub.com/vrplxjytfbp/44264.645540625.dat
xlm40.dropper

http://aslambek.eu/nqyxczidjed/44264.645540625.dat
xlm40.dropper

http://samsung-drivers.xyz/npbpm/44264.645540625.dat
xlm40.dropper

http://osrsport.com/tlftzsi/44264.645540625.dat

Targets

    • Target

      Complaint-Copy-684209303-03092021.xls

    • Size

      80KB

    • MD5

      929a37b88e9317036edc9cef13cf68ee

    • SHA1

      be790f3e60156d3dc2dac6061a6df906c634304e

    • SHA256

      78b0fb46c1563fbdaf9d9b9fedfe848aa9b0950af5b98a4e5de18fd649604de7

    • SHA512

      1f4eca1bea7f83f606c963b7196e9ec2e81bda6ccfc4e0094bc6459a526c24575ff04ca875a258751102882d810316446df8d970cfc5397e1bbfc52ea0f8ac46

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks