99464d2fe2aa5abbfb5c8f51d90d0848b5fd6df3dde9d042d3f6b2bb6269ee03 | Triage

Sharing

General

Target

CompensationClaim_1766530077_03122021.xls
Size

280KB
Sample

210312-24et75w7hs
MD5

e57b0fec2bcc5e65fd5afd5a90a07aa3
SHA1

696cd7d64807e7830943bdccd95e7a2663b44c80
SHA256

99464d2fe2aa5abbfb5c8f51d90d0848b5fd6df3dde9d042d3f6b2bb6269ee03
SHA512

8849a2c23616abf869ea4612b1fb80db329415b64e5304f153a6a4e4b7d4e2bd20b57f9bd0b8357246356973ab04be5daed58f984880130c8e07930cf2cf04ec

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://185.82.219.161/44267.9678039352.dat

xlm40.dropper

http://45.140.146.26/44267.9678039352.dat

xlm40.dropper

http://188.127.227.167/44267.9678039352.dat

xlm40.dropper

http://44267.9678039352.dat

Targets

- Target
  
  CompensationClaim_1766530077_03122021.xls
- Size
  
  280KB
- MD5
  
  e57b0fec2bcc5e65fd5afd5a90a07aa3
- SHA1
  
  696cd7d64807e7830943bdccd95e7a2663b44c80
- SHA256
  
  99464d2fe2aa5abbfb5c8f51d90d0848b5fd6df3dde9d042d3f6b2bb6269ee03
- SHA512
  
  8849a2c23616abf869ea4612b1fb80db329415b64e5304f153a6a4e4b7d4e2bd20b57f9bd0b8357246356973ab04be5daed58f984880130c8e07930cf2cf04ec
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2