65511c269199007b6a378c6f8e48fe58b2398deaef305e6aac5a94afa69ade48 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-2...57.xls

windows7_x64

document-2...57.xls

windows10_x64

Sharing

General

Target

collected (64).zip
Size

33KB
Sample

210312-ld16ej31jn
MD5

64b5a2a3dff92c51ba221b3ad1802fa5
SHA1

25d5420de6037d15b695a008ae450f1c604c5e2d
SHA256

65511c269199007b6a378c6f8e48fe58b2398deaef305e6aac5a94afa69ade48
SHA512

1e61d1c9deb7e148fdc1fc577d8977016591e44b5f9eb2c15ee3e8a1dc06e0454876551dec3fd720cb7d524a99a8e5f0326f79aed3c093a5891a0fbe82d756c2

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-2116115857.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-2116115857.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://nvelj12qyyfi03kqxy.xyz/i.gif

Targets

- Target
  
  document-2116115857.xls
- Size
  
  138KB
- MD5
  
  298b04a1308d15fec52c6ee0de68b208
- SHA1
  
  eaa5b596a388458d54e6b7c9313c1b61689ac817
- SHA256
  
  f44844a796ae3701b351e396b6fc5ec77120cc46d377c152dac982c9e4498eb3
- SHA512
  
  6176f4eb8fa64f004d2981b3ef1762e38010a798ab1f82d941a06c73b444336323154245c6af83710dfdb619ba5ccafec440e5325395aa7dbf208e16a61c1e3e
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy