6fd4e8614714081b43ee0a3ac097e228ee1ddb7829e9c64ecc8b35bf5a5cd575 | Triage

Submit
Reports

Overview

overview

Static

static

8

3741.xlsm

windows7_x64

3741.xlsm

windows10_x64

1

Sharing

General

Target

3741.xlsm
Size

25KB
Sample

210311-dth236jmzn
MD5

c3dbd59f0fbea52b29054e009ceb9d0d
SHA1

639592d885f5c7dd3fdcd2987883985d1cb4e6a9
SHA256

6fd4e8614714081b43ee0a3ac097e228ee1ddb7829e9c64ecc8b35bf5a5cd575
SHA512

39a8ca3f869b71f02abcc184af3bbc20adb3e2d9b871cdd3d10f975b0485e88d5161b1f1b0c7594b3ce3c7223ac0895607481b579c15791b24989b667b4e10ca

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

3741.xlsm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3741.xlsm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://tcommerceshop.com/server.php

xlm40.dropper

https://fernandogaleano.com/server.php

Targets

- Target
  
  3741.xlsm
- Size
  
  25KB
- MD5
  
  c3dbd59f0fbea52b29054e009ceb9d0d
- SHA1
  
  639592d885f5c7dd3fdcd2987883985d1cb4e6a9
- SHA256
  
  6fd4e8614714081b43ee0a3ac097e228ee1ddb7829e9c64ecc8b35bf5a5cd575
- SHA512
  
  39a8ca3f869b71f02abcc184af3bbc20adb3e2d9b871cdd3d10f975b0485e88d5161b1f1b0c7594b3ce3c7223ac0895607481b579c15791b24989b667b4e10ca
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy