General

  • Target

    doc (55).zip

  • Size

    33KB

  • Sample

    210312-ppylypqmyn

  • MD5

    9644e7bf98249a61ac7d2337afa19f0e

  • SHA1

    66b775ee72e00b711dfa2c7a66d6f8abea2dc990

  • SHA256

    10f840014f0eeaef53721d101250db1686b5eba01ba2519f58ddc05fc2bf97c9

  • SHA512

    3e05682a6be108307fe2c0b7da1889d60f9f7bd25948f47d8083c0588ebb5fce64632a5c7785098861c478f66b5ca98abd0f5204495f2efc7ec06dee5a9c1eab

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://bqx12lnjk03rrdio.xyz/i.gif

Targets

    • Target

      document-1922515199.xls

    • Size

      138KB

    • MD5

      440830e3be371c53dbbe571736b105e3

    • SHA1

      3d63c4e83ded0a6240f9270878513586aebe39e3

    • SHA256

      497a4b4da11c775051944cf50abfb5d0af842b229a792a4167663d0bbdee25a5

    • SHA512

      41a8f887284ee3954e6e97b43b325671b26fc4cfe5c28eec150ddb3848a51bd742bf7bde02be1a5b875e2a5d971bbba5c92e91ad0757dc78e0800c0d80e59782

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks