28aa0371eff399c03d0ba976b8ecd3eb2c191fccd52775c669e37bdfa5eef0bd | Triage

Submit
Reports

Overview

overview

Static

static

8

a.xls

windows7_x64

a.xls

windows10_x64

Sharing

General

Target

a.xls
Size

293KB
Sample

210505-5bygmdq1bx
MD5

389033e6344dfd187f5e11eb84879faf
SHA1

49e245741d6f4529e729da82573f950e91716e8e
SHA256

28aa0371eff399c03d0ba976b8ecd3eb2c191fccd52775c669e37bdfa5eef0bd
SHA512

ad8bd29be1b13972db777013e4c5c04be9fd3b66c09efd4a285e83bd6936801258604fcdcd28c3678ff7879f9c7056f28e8136bf037573cad168296821c33695

Score

10^/10

macro persistence xlm

Static task

static1

Behavioral task

behavioral1

Sample

a.xls

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a.xls

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://atlantisprojects.ca/cheryasd.dll

Targets

- Target
  
  a.xls
- Size
  
  293KB
- MD5
  
  389033e6344dfd187f5e11eb84879faf
- SHA1
  
  49e245741d6f4529e729da82573f950e91716e8e
- SHA256
  
  28aa0371eff399c03d0ba976b8ecd3eb2c191fccd52775c669e37bdfa5eef0bd
- SHA512
  
  ad8bd29be1b13972db777013e4c5c04be9fd3b66c09efd4a285e83bd6936801258604fcdcd28c3678ff7879f9c7056f28e8136bf037573cad168296821c33695
Score

10^/10

persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy