07ba32c20ac0dc07a85fe7736d41d1add1504e216be3e4552afb5af0f0d343fa | Triage

Sharing

General

Target

109.xls
Size

59KB
Sample

210309-a3nbjavqgx
MD5

ef3ad454d6b4c4e647859a399cf3b029
SHA1

e6cc9f23e4fcb470a1d07a6592799b46ece3632e
SHA256

07ba32c20ac0dc07a85fe7736d41d1add1504e216be3e4552afb5af0f0d343fa
SHA512

08efdd07c3228c719942ad2fa6020b32f92fa35d51494f6bb73edd3f182cb53547ee5604be7622638ed720b9cd57e0d1ff2a01e6fbba9c208cde560af65355ee

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://solemnenterprise.com/k.php

Targets

- Target
  
  109.xls
- Size
  
  59KB
- MD5
  
  ef3ad454d6b4c4e647859a399cf3b029
- SHA1
  
  e6cc9f23e4fcb470a1d07a6592799b46ece3632e
- SHA256
  
  07ba32c20ac0dc07a85fe7736d41d1add1504e216be3e4552afb5af0f0d343fa
- SHA512
  
  08efdd07c3228c719942ad2fa6020b32f92fa35d51494f6bb73edd3f182cb53547ee5604be7622638ed720b9cd57e0d1ff2a01e6fbba9c208cde560af65355ee
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2