229f8dadf4a7bbc9366d1d12acdf8d632afdf31361a45922e5bb3ba0b5638277 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...27.xls

windows7_x64

document-1...27.xls

windows10_x64

Sharing

General

Target

_attached_file (70).zip
Size

33KB
Sample

210312-c1jvd43gpa
MD5

f9283724b8c18a492c03a1eff84aaaf3
SHA1

f1d3b02fb7e26c81a4aebc3e6bf86bed65622aad
SHA256

229f8dadf4a7bbc9366d1d12acdf8d632afdf31361a45922e5bb3ba0b5638277
SHA512

840455ce6f248acc9d801c86b4d220b216b1415bdddc22203dbae1fbda95536859d80de3ae1e87cf8746eb19f7ae0132902a44210d20c5c4e17770f619550a4d

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-196434727.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-196434727.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://gcfxb12aefoyn03epdoji.xyz/i.gif

Targets

- Target
  
  document-196434727.xls
- Size
  
  138KB
- MD5
  
  c298be4395bc3a28f4000a527b708fba
- SHA1
  
  93a2a64376c569875f51cbbb45ddca500e18f8ea
- SHA256
  
  3dc9c02c0dfa3f57f565690ad505d95098419b094d7f5edf14509e3ddcc20762
- SHA512
  
  463f82297189b00ca83539b49b50005c7ddf0dc80b2f590121fe299b1cf899275d860f76d832024758e1fa5bf1c20b61d5346b0854fc3dca0287c80f019283b5
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy