a390a57e05c97c4acc424041988d4c8216461d4f514db527da2385be026011ef | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...72.xls

windows7_x64

document-1...72.xls

windows10_x64

Sharing

General

Target

document (68).zip
Size

33KB
Sample

210312-jcgasq9mkj
MD5

86a2c1fa5499aa4dd3724af62053716b
SHA1

ce091b1c5607f14ecd31a1a330842d226b9481fe
SHA256

a390a57e05c97c4acc424041988d4c8216461d4f514db527da2385be026011ef
SHA512

5c78e4f68402d48126fed35c700fa7e296bc20ab33ad851687a0f90c5946dab2bc7945702bcb4b16e85b6eadd568fb8569b68863da5cbda389003a508db18ed4

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-194221672.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-194221672.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ipok12bcame03shzpiq.xyz/i.gif

Targets

- Target
  
  document-194221672.xls
- Size
  
  138KB
- MD5
  
  bdcfbe6c0fa5b2c2839c178b8a7073a4
- SHA1
  
  62a31cfef45125d3915fa7bc37f7e334b693893a
- SHA256
  
  54f34e88d1b6fdae2410b448e86fc75d7dcf2f524a588610325adff2a7883925
- SHA512
  
  735d1a4dfd5666ab637f20eb468160926bbf018c26ea808d58334373c66092f56a99f77c2765258427f54598dd366615687a76c1d6dd1f78a6f7b13ed7fb89f6
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy