6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d | Triage

Submit
Reports

Overview

overview

Static

static

8

Client_doc...9.xlsm

windows7_x64

Client_doc...9.xlsm

windows10_x64

Sharing

General

Target

Client_documents_access_1793-1029.xlsm
Size

85KB
Sample

210723-e7xcd967t2
MD5

e05574d2a2b00fc7b9862ad631ce3315
SHA1

b55f7933231453358bd4e0a033a8030595412b60
SHA256

6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d
SHA512

065d815ac37c355098345392f4ffe1793317e6cd55640f05229c2f1211b9a0dd0941844e7234a27986f8b6a48cb8de1aa883440c23be91450f6b1da9cb9c1468

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Client_documents_access_1793-1029.xlsm

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Client_documents_access_1793-1029.xlsm

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://162.248.227.39/first.php

Targets

- Target
  
  Client_documents_access_1793-1029.xlsm
- Size
  
  85KB
- MD5
  
  e05574d2a2b00fc7b9862ad631ce3315
- SHA1
  
  b55f7933231453358bd4e0a033a8030595412b60
- SHA256
  
  6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d
- SHA512
  
  065d815ac37c355098345392f4ffe1793317e6cd55640f05229c2f1211b9a0dd0941844e7234a27986f8b6a48cb8de1aa883440c23be91450f6b1da9cb9c1468
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy