29171354e4ae13a40193f189cae9b3c9376265ff67697efb1da97cd6ebeaf4f1 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...72.xls

windows7_x64

document-1...72.xls

windows10_x64

Sharing

General

Target

document-1865975572.xls
Size

138KB
Sample

210312-xrrl7y1mss
MD5

049b4936a69c550eada3b931d7124e25
SHA1

166085d0c208891568b450fa1e6220025400fc31
SHA256

29171354e4ae13a40193f189cae9b3c9376265ff67697efb1da97cd6ebeaf4f1
SHA512

8e28ad1233009ec3e632c4d1700665080945138526578a74bd9465c8ddae7011b7c2172378152d6ec61672337872e6af8980c6b835f2eb61a488d4c764e724e8

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1865975572.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1865975572.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://nvelj12qyyfi03kqxy.xyz/i.gif

Targets

- Target
  
  document-1865975572.xls
- Size
  
  138KB
- MD5
  
  049b4936a69c550eada3b931d7124e25
- SHA1
  
  166085d0c208891568b450fa1e6220025400fc31
- SHA256
  
  29171354e4ae13a40193f189cae9b3c9376265ff67697efb1da97cd6ebeaf4f1
- SHA512
  
  8e28ad1233009ec3e632c4d1700665080945138526578a74bd9465c8ddae7011b7c2172378152d6ec61672337872e6af8980c6b835f2eb61a488d4c764e724e8
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy