Overview

overview

10

Static

static

8

Schedule07...8.xlsm

windows7_x64

10

Schedule07...8.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Schedule072021R7218468.xlsm

  • Size

    185KB

  • Sample

    210707-pvmvcs4e76

  • MD5

    02b86e6098aeb1e57e434319850a3db6

  • SHA1

    ed06266ef9ef26046ed6e52bb9d04cb6d7a464f6

  • SHA256

    e3b0a515f8ad1cd101eddab33f55139f4cccf452625db0534b17321cc7c552c3

  • SHA512

    5236f67c801c42899c24260ea0c48540b4ec85708a093acb832668990d53f561718b7e1f377961920b2844a402d09312c89ed7ba271d05a673d426c9e7ddcad5

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://thousandsyears.download/div/44376,8555986111.jpg
xlm40.dropper

http://voopeople.fun/div/44376,8555986111.jpg
xlm40.dropper

http://uppercilio.fun/div/44376,8555986111.jpg

Targets

    • Target

      Schedule072021R7218468.xlsm

    • Size

      185KB

    • MD5

      02b86e6098aeb1e57e434319850a3db6

    • SHA1

      ed06266ef9ef26046ed6e52bb9d04cb6d7a464f6

    • SHA256

      e3b0a515f8ad1cd101eddab33f55139f4cccf452625db0534b17321cc7c552c3

    • SHA512

      5236f67c801c42899c24260ea0c48540b4ec85708a093acb832668990d53f561718b7e1f377961920b2844a402d09312c89ed7ba271d05a673d426c9e7ddcad5

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks