f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e | Triage

Submit
Reports

Overview

overview

Static

static

8

licence_WR...9.xlsb

windows7_x64

licence_WR...9.xlsb

windows10_x64

Sharing

General

Target

licence_WR123456789.xlsb
Size

237KB
Sample

210706-4r679gngnj
MD5

d4be0a085db10789f786807e0694f1bb
SHA1

dce0f13f8141409f4fa3919b1508df4aff69b445
SHA256

f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e
SHA512

b74838a7dbb9d0240ffb421763a0bce44ef6b3705236f27992e91409b8d6a5767a08077edb8ad6bc6f9a83c0e829de5189d4a3ed81d8584a8e7f9b617579d322

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

licence_WR123456789.xlsb

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

licence_WR123456789.xlsb

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  licence_WR123456789.xlsb
- Size
  
  237KB
- MD5
  
  d4be0a085db10789f786807e0694f1bb
- SHA1
  
  dce0f13f8141409f4fa3919b1508df4aff69b445
- SHA256
  
  f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e
- SHA512
  
  b74838a7dbb9d0240ffb421763a0bce44ef6b3705236f27992e91409b8d6a5767a08077edb8ad6bc6f9a83c0e829de5189d4a3ed81d8584a8e7f9b617579d322
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy