4a5899e9b2a6e4618465d57b162cad20662e6611ea6548beeebc4084341105ef | Triage

Submit
Reports

Overview

overview

Static

static

8

transactio...1.xlsb

windows7_x64

transactio...1.xlsb

windows10_x64

Sharing

General

Target

transaction_approval_031209511.xlsb
Size

61KB
Sample

210709-7tj7qfzkz2
MD5

a12ad7cc0adae78e14ae648b63e37699
SHA1

118ca4e4b3c7a747e06403b3dad87b69c1b38098
SHA256

4a5899e9b2a6e4618465d57b162cad20662e6611ea6548beeebc4084341105ef
SHA512

40ca40f7f0ccefb27824119d551b668d5cfe5639d0ed6649451a7af343c7945cb14a0935c7cc5463bdd9f817ea5931a1c386ab4668c9e7880785ff02f33d86c7

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

transaction_approval_031209511.xlsb

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

transaction_approval_031209511.xlsb

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://185.180.199.125/s1.dll

Targets

- Target
  
  transaction_approval_031209511.xlsb
- Size
  
  61KB
- MD5
  
  a12ad7cc0adae78e14ae648b63e37699
- SHA1
  
  118ca4e4b3c7a747e06403b3dad87b69c1b38098
- SHA256
  
  4a5899e9b2a6e4618465d57b162cad20662e6611ea6548beeebc4084341105ef
- SHA512
  
  40ca40f7f0ccefb27824119d551b668d5cfe5639d0ed6649451a7af343c7945cb14a0935c7cc5463bdd9f817ea5931a1c386ab4668c9e7880785ff02f33d86c7
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy