a0442432ffaeb0f8af85315491daa38902c7cec3360e38c237bbab0d0f52eebd | Triage

Submit
Reports

Overview

overview

Static

static

8

sviluppo_e...7.xlsb

windows7_x64

sviluppo_e...7.xlsb

windows10_x64

Sharing

General

Target

sviluppo_economico_20__17.xlsb.zip
Size

91KB
Sample

210721-eqr8147kej
MD5

1c55626170ca1e70e35e8dbd653d7c20
SHA1

2af035c622fd260e2f829eea8db16186ab3c0a1d
SHA256

a0442432ffaeb0f8af85315491daa38902c7cec3360e38c237bbab0d0f52eebd
SHA512

28bbedfed4c98c1499aad14808bd46f216acc5bf330482fbf15dffeca5f2b97a004ab4e3e884aca3e36ff1275b5bb5ca7a6fa0e54c0626bc7d3d4d2f2a29b6b4

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

sviluppo_economico_20__17.xlsb

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sviluppo_economico_20__17.xlsb

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://liveswindows.bar/opzi0n1.dll

Targets

- Target
  
  sviluppo_economico_20__17.xlsb
- Size
  
  108KB
- MD5
  
  1d52bc651501078bdc0bb89f03aa103d
- SHA1
  
  4d61218c7337d39b403c2e458d3397ed3945a583
- SHA256
  
  95b7c86e3bd63fdec0e7261c0c215ff6776aebe34e797f08c7715849a6b6cbe0
- SHA512
  
  6af65338767fc624ff5514d236ab60e4298af131a6261ce1ef05ed032ad142caf31b67cb39a843ed04e5d33ee1753f3b200f290dd96a5a18c4e234444432c143
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy