c5ea38bc1453a2a77c5a61264aa4b7e7529013613fe9022cb48a3a6aebfff932 | Triage

Submit
Reports

Overview

overview

Static

static

8

document-1...75.xls

windows7_x64

document-1...75.xls

windows10_x64

Sharing

General

Target

prepared (39).zip
Size

33KB
Sample

210315-vvm2tae7rs
MD5

d75ff52750d148f069bc656f215149f9
SHA1

18762d900a6173393e16bef7b161fb195e4967bd
SHA256

c5ea38bc1453a2a77c5a61264aa4b7e7529013613fe9022cb48a3a6aebfff932
SHA512

574b5313bd572ec10af11d9318e5271a854e39ced5b1c4d3569fa4efcc4893a4c825b5603b79a7cf7d4166e1929d96ac36b7e670862f8d51bc653ddde2c1bc95

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

document-1480960875.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

document-1480960875.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://zltw15tzezi03nbmru.xyz/w.gif

Targets

- Target
  
  document-1480960875.xls
- Size
  
  139KB
- MD5
  
  0b7470c0fd179a46a521e4925be13504
- SHA1
  
  f209f195ebe3876e253e08769ca87524458efdf3
- SHA256
  
  232c3f673c0f228da3ff70ce545ff12601d20d05ce581b3df30a0c741d5b2398
- SHA512
  
  2459d051d2421292b636a05e9fdf17ae78bb53f945004b411709a100dcbcc3c9775bdd4badcf84053fb5f2885970b4e071da803c8a14cfceacb7c13b745cfc1c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy