705ed29b47fac978b78055169ccdaf4a15e3dbd3e9834263b52d9bcbe90af885 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...21.xls

windows7_x64

document-1...21.xls

windows10_x64

Sharing

General

Target

_file_attached (92).zip
Size

33KB
Sample

210313-p1kkz17g9n
MD5

079d5d8c26fa8090a5d85f2ea6206039
SHA1

49984b9cbf1ea298361f522c6dbcac51df4e53e7
SHA256

705ed29b47fac978b78055169ccdaf4a15e3dbd3e9834263b52d9bcbe90af885
SHA512

871906e0cb24c879c2dc9b36f8af2b59adbc1a37b5af15716cfbe199969e3b020583831646a7bbe11da5ab2d9162c98d77155b5a0a61f8a873fa80a4b98bda4e

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1467203121.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1467203121.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ipok12bcame03shzpiq.xyz/i.gif

Targets

- Target
  
  document-1467203121.xls
- Size
  
  138KB
- MD5
  
  9c2ddb1d8786b31a33b6b29819001dc2
- SHA1
  
  1e31002ae8fef5ce967bb0f8bf2df2549b82a9ac
- SHA256
  
  6557493aa9a9cd2a19145a179e877b50f1c47e9d0f2280cac686260299d43da0
- SHA512
  
  767233213fc73a35ec7f28e2ad4df0dace94c876d1dbf068309c3b7b2ee90cd24c81009f127735dbe9310c0d3d3d2639da6f1e0afd342e560eabfc0b53e967e9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy