Overview

overview

10

Static

static

8

Documents118.xlsm

windows7_x64

10

Documents118.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documents118.xlsm

  • Size

    57KB

  • Sample

    210315-3nenyn5st6

  • MD5

    9793c1a18272f2459fee69f8f914388f

  • SHA1

    740aa60f77f9372bad6e533637ef9e812d1f9b44

  • SHA256

    9ba472bd3fcd23bf1b820c9f35e33fd64c334c2e3b7189bf77bc0c080c449e56

  • SHA512

    4fd053e65f414f20c3ef3f53169968f0766f63dea462b373b682734c32309a128a975609c636d7cf42350319d88e1c15c77f98041b25d9c65eb077560022edfa

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://xgka03stox03cloeqz.com/index.gif

Targets

    • Target

      Documents118.xlsm

    • Size

      57KB

    • MD5

      9793c1a18272f2459fee69f8f914388f

    • SHA1

      740aa60f77f9372bad6e533637ef9e812d1f9b44

    • SHA256

      9ba472bd3fcd23bf1b820c9f35e33fd64c334c2e3b7189bf77bc0c080c449e56

    • SHA512

      4fd053e65f414f20c3ef3f53169968f0766f63dea462b373b682734c32309a128a975609c636d7cf42350319d88e1c15c77f98041b25d9c65eb077560022edfa

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks