General

  • Target

    Trial_case_documentation_57758095.xlsm

  • Size

    83KB

  • Sample

    210720-scz7lbl11s

  • MD5

    e99974044c3d978662cbb16fc107e39a

  • SHA1

    44dfcc058967791d942bcedc04d66fc33314604b

  • SHA256

    6f72df93a557315e682c391217be15a9a4ed17bcd501cac88a204550efe4ab8d

  • SHA512

    08935955cf0a4382e8fea6d79b0c8929dc4d8981311f528466b621da9d36c7a307f9ca5d469e14081b964265dbfdae111c015de04c957fe3bfddd713bc1c0d31

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://162.248.225.97/1.php

Targets

    • Target

      Trial_case_documentation_57758095.xlsm

    • Size

      83KB

    • MD5

      e99974044c3d978662cbb16fc107e39a

    • SHA1

      44dfcc058967791d942bcedc04d66fc33314604b

    • SHA256

      6f72df93a557315e682c391217be15a9a4ed17bcd501cac88a204550efe4ab8d

    • SHA512

      08935955cf0a4382e8fea6d79b0c8929dc4d8981311f528466b621da9d36c7a307f9ca5d469e14081b964265dbfdae111c015de04c957fe3bfddd713bc1c0d31

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks