b96965d845c925b8dc0f3e4279ad4e571c1409891fee795bde704c5b1f063ce9 | Triage

Submit
Reports

Overview

overview

Static

static

8

FV051021.xls

windows7_x64

FV051021.xls

windows10_x64

Sharing

General

Target

FV051021.xls
Size

37KB
Sample

210510-ckxng779ga
MD5

950855b20d993acd341e87feaa208037
SHA1

973f3a8ac29ad715ec649e9785738f60fe0a2d48
SHA256

b96965d845c925b8dc0f3e4279ad4e571c1409891fee795bde704c5b1f063ce9
SHA512

782da77b08b8ae44bc4913c73d377b9c3f88a8c39685dca2d3f1cbc7e2c5174d33cc3346b1b6f1f686ef59f8c572e8ac074e5446d9441b97e3b1d93f159cdc3c

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

FV051021.xls

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FV051021.xls

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FV051021.xls
- Size
  
  37KB
- MD5
  
  950855b20d993acd341e87feaa208037
- SHA1
  
  973f3a8ac29ad715ec649e9785738f60fe0a2d48
- SHA256
  
  b96965d845c925b8dc0f3e4279ad4e571c1409891fee795bde704c5b1f063ce9
- SHA512
  
  782da77b08b8ae44bc4913c73d377b9c3f88a8c39685dca2d3f1cbc7e2c5174d33cc3346b1b6f1f686ef59f8c572e8ac074e5446d9441b97e3b1d93f159cdc3c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Use of msiexec (install) with remote resource
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy