c6971112e20b441f60617be0343ced897ef21ba2b298f282bbb547248c4360b3 | Triage

Submit
Reports

Overview

overview

Static

static

8

QegkD76apD...B.xlsm

windows7_x64

QegkD76apD...B.xlsm

windows10_x64

Sharing

General

Target

QegkD76apDUdkgmDSSbB.xlsm
Size

144KB
Sample

211021-p5qcbaacg3
MD5

31a6c161407e0e1c22ba4c8cc7922dbd
SHA1

68d27dbce6639d2360d24f3cfbd48e3f03a8c26a
SHA256

c6971112e20b441f60617be0343ced897ef21ba2b298f282bbb547248c4360b3
SHA512

035c4fe21e7153e13a3d5cf6013bb99e5a23ea7ca46693d8a1b6db72023d0d46fa20167da20d52ed38500ef97fe64eb42b0faa829ee5150e75484db8bbd8718d

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

QegkD76apDUdkgmDSSbB.xlsm

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QegkD76apDUdkgmDSSbB.xlsm

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://3.64.251.139/vr/r/QegkD76apDUdkgmDSSbB.exe

Targets

- Target
  
  QegkD76apDUdkgmDSSbB.xlsm
- Size
  
  144KB
- MD5
  
  31a6c161407e0e1c22ba4c8cc7922dbd
- SHA1
  
  68d27dbce6639d2360d24f3cfbd48e3f03a8c26a
- SHA256
  
  c6971112e20b441f60617be0343ced897ef21ba2b298f282bbb547248c4360b3
- SHA512
  
  035c4fe21e7153e13a3d5cf6013bb99e5a23ea7ca46693d8a1b6db72023d0d46fa20167da20d52ed38500ef97fe64eb42b0faa829ee5150e75484db8bbd8718d
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy